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Abstract 


A denotational semantics of CLU, an _ object-oriented : 
abstractions, is presented. The definition ‘fs based on Scott's ® 
the theory of computation. Modules, the basic unit ‘af compilation, ate:tepresented in terms 
of a set of recursively defined ‘domains called the abstract syntax. As part of checking the 
legality of a module, a transformation is ‘made from the abstract synthx toa modified 
syntax; the transformation reflects the results of compile-time computations that need not 
be repeated at run-time. An execution environment is defined to be a set of ob jects, each 
with a particular state, together with a mapping from variable names to objects. The 
meaning of an expression or statement is a function that takes an environment and. 
produces a result consisting of a termination condition, a list of zero or more objects, and a 
new environment; the termination condition is used to govern control flew. This uniform 
_ treatment of expressions. and statements. allews:.a:: ; Simple definition: of - the -run-time 
‘exception handling mechanism provided in CLU. The meaning of a ‘procedire gefierator 
or iterator generator is a function that takes a list of actual parameters, a list of arguments, 
and an environment, and produces a result as for. statement and expression evaluation. 
The meaning of parameters is given in terms of textual substitution. A non-parameterized 
routine is viewed as being a generator with an empty parameter list. The meaning of a 
cluster is a function that takes a list of actual cluster parameters and an operation name, 
and produces the meaning of that operation. 
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1. Introduction 


With the design of the programming language CLU [Liskov77a, Liskov77b, Liskov78] 
essentially complete, it is important to have a precise semantic definition of the language. 
Such a definition can be useful to: 

1) the designers, in verifying that CLU is well-defined, 
2) implementors, in proving the correctness of system implementations, 
3) programmers, in writing programs and proving them correct, and 


4) other language designers, in gaining a precise understanding of CLU. 


There are four basic styles of semantic definition. Grammar-oriented methods, such as 
attribute grammars (Knuth68], W-grammars [vanWijngaarden76], and production systems 
CLedgard77], consist of a set of rules for generating legal programs together with a set of 
rules for defining the meaning of a program; the meaning is defined either by generating 
all possible execution sequences or by translating the program into a_ predefined 
programming or assertion language. Operational schemes, such as the Vienna Definition 
Language [Wegner72] and SEMANOL [Blum73], specify meaning by defining a 
metaprogram, executable on an abstract machine, to serve as an interpreter; the meaning of 
a program for particular inputs is given by a trace of the computation performed by the 
interpreter. Denotational methods, such as the Oxford definition method [Scott7la, 
Milne76, Stoy77], define the meaning of a program as a mathematical function from initial 
to final states, with intermediate state changes ignored. Axiomatic techniques, such as that 
proposed by Hoare [Hoare69], specify meaning with axiom schemas and rules of inference; 
the meaning of a program is a mathematical relation between predicates true of all states 


before and after execution. 


Unfortunately, no single style of definition is well-suited to the needs of all four classes 
of people listed above [Hoare74]. Grammar-oriented and operational definitions are the 
most appropriate for implementors, whereas designers often need a denotational semantics, 
with “irrelevant” implementation details abstracted away. On the other hand, an axiomatic 

“definition is the most useful for programmers. Thus several definitions may be needed. 


However, there should be one “standard” definition, against which all others must 


. ultimately (if indirectly) be sompared: 


This thesis presents a denotational semantics of CLU, based on the lattice-theoretic 


approach to the theory of computation as initiated by Scott [Scott70, Scott7ib, Scou72). We 
have chosen a denotational semantics for the following reasons: 


1) 


~~ 
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4) 


Compile-time type-checking, a very. important aspect of CLU, does not. fit within an 
axiomatic framework but is easily described with denotational techniques. Hence a 
denotational — semantics can be Used to “verity a “compiier's implementation of 
pe-checking. 

Specif ically, the treatment t of side-ef fects o on object is not well developed, We believe a 
denotational semantics will be a useful tool in extending axiomatic techniques. to. 
encompass object-oriented. semantics. In particular, proving axiomatic and denotational 
definitions equivalent is generally much simpler than proving axiomatic and: Bperational 
definitions equivalent. ; 

Although a denotational semantics is 5 not particularly sind to the task of verifying a 
code generator or a run-time system, a denotational semantics is generally simpler and 
more concise than an operational semantics, and thus is a better candidate, for the 
standard def inition. 


A new formalism, based on a new model of eaniaitanon. has ‘been developed by 


Schaffert (Schaffert?8b] and used to define CLU (Schaffert76a). Designed explicitly 


for ob ject-oriented languages supporting data abstractions, Schaf fert's method combines 
various elements of operational, denotational, and axiomatic techniques: We. wish to 
present an alternative definition of CLU using an established method, so that the 
usef ulness of Schaffert’s work can be evaluated f ora non-trivial language. 


We do not provide an informal description of the syntax and semantics of CLU. 


Rather, we assume the reader is familiar with [Liskov78). We do describe the most basic 


elements of lattice theory necessary to understand the definition, but we assume familiarity 


with the A-calculus [Church5lJ. We do not deal with the question of whether the 
definition is well-founded; readers interested in the details of fixed points and reflexive 


8 
domain constructions are-referred to (Scott7ib, Scott76] for proof. . 


Chapter 2 provides an overview of the def inition, describing the miost important and 
novel aspects. Chapter 3 presents the theory and notation ‘used throughout the remainder 
_ of the thesis. An abstract syntax for CLU is given ‘in ‘Chapter 4, as well asa modified 
syntax used f or ‘def ining meaning. Chapter’ 5 defines ‘Tegal programs and the 

transformation f rom the abstract to the modified syntax, ‘and Chapter 6 defines the 
meaning of legal programs. Indexes to the numerous domains and functions defined in 
these chapters are provided at the end of the thesis, and should prove tisef ul ‘aids to the» 
reader. Chapter 7 concludes with some general comments about the definition and gives a 
comparison of our definition to the one done’ by Schaffert. . 


Cn do oe i i 


2. Overview 


The basic unit of eoanauae in CLU is a module, an implementation of an 
abstraction. Our definition consists of two ma jor parts. The first part, defining what 
constitutes a legal module, captures the notion of compilation, while the second part, 
defining the teaming of legal modules, captures the notion of execution (or evaluation). 


This. chapter gives an overview of these two parts... 
2.1 Legality 


For a module to be legal, it must satisfy certain syntactic and semantic. constraints. 


Checking the context-free syntactic constraints is part of parsing, and will not be dealt 


with. Instead we define an abstract syntax, in terms of a set of recursively defined domains, 
to represent all possible parse trees. The abstract syntax retains the basic syntactic structure 
of the program text but various details, such as formatting and the presence of comments, 
are not represented. The precise relationship between the abstract syntax and actual text is 
defined in an appendix. We group the: checking of context-sensitive syntactic constraints 


along with type-checking under the term legality-checking. 
2.1.1 Syntactic Transformations 


Among other things, legality-checking involves the evaluation of constants, the 
substitution of actual values for equated identifiers, the expansion of abbreviated forms of 
invocation, and the resolution of external references. These same computations are 
necessary to define the meaning of a module. If we are to separate the legality of a module 
from its meaning, we must retain the relevant information from the checking phase and not 
recompute it when defining the meaning. This implies that, as part of legality-checking, 


we must transform the original parse tree into a new (and simpler) form. 


Some of the declarative information in a module is not needed when defining the 
meaning of the module. For example, much of the module heading exists solely for the 
purpose. of type-checking. Further, the declarative information that is riecessary for 


spe aptietipeay. Svs gigs, sey tess 
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defining the meaning is usally scattered throughout the module, and must be collected atid 
} da nat cause any immediate 
png unite est k be. removed when 
that unit is exited. Thus at some point it is necessary 0 to calle gfe of the variables declared 


put in a more useful form. For example, variable deciara itor 


action during evaluation, but variables local toa given, 


| in each scoping unit. 


Since all of the declarative information ‘is static and: need only ‘be ‘progessed once, we 
prefer to include all of the processing as part of legality-checking. Hence 
"legality-checking” involves not only checking the legality of a module, ‘but also remaving 
Apfarmation irrelevant to evalation, and puting infenmetion. necessary to exaluatinn: in its 
most usable form, .Haweyer, not. all of the Sear OrmatAns..we eh f0, pectarm, age 
mappings inte a subset of the absirast potas. Theretene.we defion ¢.new set of domains, 
called the transformed syntax, for representing the modified pars LESS. Fer. gach. dai 
of the abstract syntax. we define ¢ function that both checks an eee the domain and 
-anstructs a new element.in the. Jrans{ormed. syDaX. ere 


(2.1.2 Compilation Bavir ninents oat Mae 


The legality of a program fragment generally depands an the pei Soptext in which 
the fragment appears. Therefore, legality-checking is always done ‘with respect joa 
particular compilation enpirenment, or CE. Part.of the Ch ita usersmapplied. mapping from 
dentifiers.to abstractions and constants, used to remlye external references: although this 
‘Mapping. is called the CE in [Liskovigl, we wil we Ane wm GEE far. the. complete 
environment. 1p. addition,. the CE contains the sutrent Sesleratiens of dgca) identifiers. 
interface informatiqn derived from the module heading. flag indicating. df the bedy af.a 
Joop statement is. being: checked (to determine. the . legality, Af Brags. aad Santinus 
statements), and informatign about. all .exceptign . pander... .wreppding,. the aT rept 


Statement. 


“The CE also contains part of the CLU Jibrary. the repasery ef all information about 
.abstractions. For each abstraction there is a desqdption unit (DU) containing all 


system-maintained information about that abstraction. For our purposes there are only two 


ll 
pieces of information a DU contains: an interface specification representing all information 
needed to type-check uses of the abstraction, and a list of implementations. Since this 
‘information can expand over time (DUs are “initially empty) and we have only static 
mathematical ob jects to work with, a bu is represented simply by a unique id. The library 


is then represented by a pair of mappings, one from DUs to interface specifications, and 
one from DUs to mp mento The CE coniains only the first mapping. 


2.1.8 Interface Specifications : . 


In general, before a module can be compiled, the Wbrary must contain an interface 
specification for every abstraction the module uses. For our definition to be ‘complete then, 
we need to define what legal interface specifications are and how interf aces are entered into 
the library. Although a specific textual form for interfaces is not given. in (Liskov78), the 
interface for an abstraction can be derived: from any legal module implementing that 
abstraction. Theref ore, rather than introducing a textual form for interfaces, we will view 
a request to compile a module as if it were a request to first derive the interface and if 
necessary) enter. the interface into the library, and cuioaas compile the module.” 


Thus we allow a . module to » be compiled even though the library does not contain | the 
interface of the particular abstraction being implemented; the. interface is installed asa 
side-effect of compilation. More generally, a group of modules can be compiled 
simultaneously even though interfaces do not exist for any of the corresponding 


abstractions. 


With this view of compilation, legality-checking takes on the following form. First, 
interfaces are derived from the headings of the modules to be compiled. These interfaces 
must be identical (up ‘to renaming of formal parameters) to the interfaces already in the 
library, if any. The derived interfaces are ‘then installed temporarily | in the library and the 
modules are checked in their entirety. The derived interfaces remain in the morery if all of 


the modules are legal; otherwise hey are removed. : 
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Although it is fairly easy to derive and check the interface of almost any reasonable 
module, it is possible to construct nonsensical yet legal modules for which the process is not 
so easy. Unfortunately, it is extremely difficult to devise simple rules that make nonsensical 
modules illegal without also making some sensible modules illegal, and no such rules exist 


in CLU. Hence we must deal with a few problems. ' 


In particular, certain kinds of cyclic and self references complicate the way interfaces 
must be derived. For example, to derive the interface of F in 


P = proc () returns (Alfalse)); ... end P; 
F = proc () returns (AIF = P)); ... end F; 


one must evaluate the expression "F = P". This expression is an abbreviation for the 
invocation “T$equal(F, P)", where T is the type of F. If we take the stand that illegal 
expressions should never be evaluated, then to type-check "F = B" we must know the exact 
‘type of F. However, the type of F depends on the value of the very expression we are 


attempting to evaluate. 


Although this is a bizarre example and would never occur in a real program, it is in 
fact legal. We can reason as follows. P and F are distinct procedures, and distinct 
procedures are never considered equal. Therefore the invocation evaluates to false if it is 
legal. But then P and F are of the same type so the invocation is actually legal. (The 


invocation would be illegal if P were written with “Altrue]”.) 


As a slightly more reasonable example, consider a two-person game where players 


operate by different rules. One might try to represent alternating moves in the game as — 


follows: 
offense = cluster [t: type) is best_replies, ... where t has ...; 
best_replies = iter (x: cv yields (defenselt]); ... end best_replies; 
_ end offense; 
defense = cluster [u: type] is best_replies,... where u has... ; 


best_replies = iter (x: cvt) yields (offensefu)); ... end best_replies; 
end defense; 


The interface of defense is needed to check the interface of offense (specifically to check 
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“defenselt]"), and vice versa (to check “offenselu]”). Initially we can assume that 
“defenseft]” and “of fenseCul” are legal type specifications; then. after. the derived interfaces 
are installed we can actually check the legality of these constructs. 


As these examples suggest, we can derive an interface and check its legality, but two 
passes are required to guarantee that no errors are missed. “In the first pass certain 
constr ucts are simply assumed. to be legal, and must be evaluated with incomplete type 
information. ‘Then these constructs. are rechecked. when checking the entire “mediule, this. 


time with complete information, to ensure there are no inconsistencies. 


in more detail, we begin legal checking by inesiunae one of two specie interfaces for 
each. abstraction. being implemented. The special interface type. is used when the 
implementing module is a cluster; every, use of she. abstraction 4s considered a legal se 
specif ication, regardless of the number and: types. of actual parameters. supplied. 
addition, every. operation name qualified by. such a type, specification ds considered. ft 
The special interface routine is used when the ienplementing, module, is a procedure. or 
iterate: every use of the abstraction is considered a | legal rouriie name, regardless of the 


number and types of actual parameters supplied. 


We also define a special type, routine, to be used as the syntactic type of every routine 
name ‘and every Operation name) that is ashuipes legal. (This does not mean that “routine” 
isa reserved word; a use of “routine” ina program will not refer to this special type. The 
type routine is a “wild, card” in that it is considered equal to (and hence includes and is 
included in) all procedure and iterator types. Routine is defined to have the same 
operations that procedure and iterator types have. Returning to the invocation "F = P" in 
the fi irst example above, both F and P would be assumed to be legal names of syntactic type 
routine, so the invocation: would expand to domeremics ‘Py: and then evaluate to 


false. 


The special interfaces and the type routine are used ‘only when deriving ‘interfaces. 
The type routine is used only when an abstraction has a special interface, and the special 


interfaces disappear wher the derived interfaces are installed. 
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2.2 Meaning 


Our definition 6f the meaning’ of a legal prégrarh can We stiithatized as folfows: The 
CLU universe is def ined to be the set of all potentially existing. objects. A particular set of 
ob jects, each ob ject having. a particular individual states, iis termed a universal state. An 
exectition environment is def ined to be a universal state together with a set of variable 
bindings | tepresented as a Mapping: from Adentifiers to. SDRC... The “meaning of an 
expression or statement, is a function that. takes an environment and produces a result, 
consisting of a termination ‘condition, a list of zero or more ob jects, and a new environment. 
The meaning of-a procedare generator or iterator gérieratonts #/figrictton’ that: takes a list of 
actual parameters, a ‘ist of arguments; and an envinorivert, isitid priduces’a ‘resuk. The 
meaning of parameters és given: in tetms of “textual” sebititation: A ridn-parameterized 
routine is viewed-as being @ generater: with an empty parameter Rit: The meaning of a 
cluster is a function ‘that takes a list of actual cluster patameters and an pada name, 
and shai the: meaning of that: ‘Operation. 


We now discuss these points in more detail. 
2.2.1 Objects 


Every ob ject has an identity, distinct from the identity of ail other ob fects, and a set t of 
Properties, Ob jects with only time-invariant Properties are called constant; the properties 


Tes, gy abe vag 3 area eget 
associated with a “constant ob ject. comprise ‘that ob ject’s value. Objects ts with time-varying 
Oe Bee hr AME vege 
properties are called mutable; the current "values" of the properties ofa ‘mutable ob ject are 


SA AT hee 


collectively ter med the state of that ob ject. 


One time-invariant property associated with every. Pan ‘is membership in -a. type. 
Were it not for the necessity of defining the parameterized procedure force, which 


requires testing the type of an ob ject, there would be no need to include any, type 


* me v4 BB ge Meo s oor te 


information in. our representation of ob, jects. However, 3 since this information must be kept 


aay 


for at least some ob jects, we choose to keep it for all ‘objects, One component of évery 


object is thus a type agi LAE a canonical name for the type of which the object is a 
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member. 


The presence of a type descriptor in every ob fect simplif ies the task of making ob jects 
distinguishable. In particular, since every constant ob fect h has a unique value, the value can 
serve to represent the object without introducing explicit: identities. For example, the 
constant ob jects obtained from the invocations —_ 


oneofla, b: intl$make_a(3). 
oneofla, c: int]$make_a(3) : 


can (only) be distinguished by their types: 
(tag: "a", val: (val: 3, type: in, type: oneofla: int, b: int) 
Atag: “a”, val: (val: 3, type: ind, type oneofla: int, c: Int) 
However, it is not suffi icient to represent a mutable Object. by. its. State, as dif ferent mutable 
objects can have identical state. Rather, the ‘identity. of a. mutable object. is explicitly 
represented by a unique id. ; | 7 


mae OEs 


Although we wautid: like to represent a- mutable ob ject directly by its identity and state, 
this cannot be done. The problem is that we want to be able to chalige the state of an 
ob ject without having to alter the representation of any other ob Ject.. Re, Mugeate, sppose 

we have two arrays, represented (approximately) as 


(id: A, low:-1, -elts: 0, type: arraytint)) 
(id: B, low: 1, elts: ( (id: A, low: 1, elts: 0, type; arraylint) ), 
type: arraylarraytintd) 


The array B contains the array A as an element. Now. suppose we change the low bound 
of A: ee a 
(id: A, low: 2, elts: (), type: Si ; a 
(id: B, low: J, elts: ( (id: A, low: 1, elts: 0), type: arrayCint)) ), 
type: arraylarraylintl)) . 
Since we are dealing with static rhathematical values there is no sharing, and the change to 
Ais not ref lected in the” “copy” of A contained in Be | 


Our solution to this abt is to represent sa goalies is with. just-a unique id and 
a type descriptor. The above example would then took something like 
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(id: A, type: arraylint)) 

(id: B, type: arrayl arraylint))) 

The association between mutable ob jects and the rest of their» state is given by a mapping 
(or mappings) as part of the universal state. For ‘example, . 


state(A) = (low: 2, elts: 0) 
state(B) = (low: 1, elts: ( (id: A, type: arraytint)) ) 


In fact, by considering constant objects as always in existerice, the universal state can be 
represented simply as a list of mutable ob jects (i.e., unique id-type descriptor pairs) together 


with one or more state mappings. 


In dealing with parameters, it witl be convenient to treet actual parameters uniformly as 
objects. The only actual paraimeters not hortnally thought of as “Gib jects are types, but there 
is tio difficulty in treating them as such. A’ type object is ‘represented by a pair of type 
descriptors, one for the type itself and one for the type of the Ob ject asa whole. For 
example, | 


(val: array.ind, type: type) 
2.2.2 Variables 


We would like to model variables with a mapping from identifiers to objects, (In 
particular, we wish to avoid’ using: the standard: “swore” senviaritics tStrachey73I, where 
‘variables name memory locations that contain pointers to locations containing ob jects.) 
Because of the representation we have chosen for ob jects, there are no difficulties with this 
model; having several variables denote the same object is essentially the same as having 
several ob jects contain the same ob ject, ee. a } 


Uninitialized variables are treated in the following manner. _, initially ali variables 
denote a unique "bad” ob ject, which otherwise cannot be produced in a legal semputation. 
Whenever a variable is referenced, the denoted ob ject is checked to ensure that it is not the 

“pad” object. At:the end of exch seoping unit, al variables decigred foval to that unit are 
again made uninitialized by mapping them: back to-the: “oad” ob ject. 
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2.2.38 Termination and Exception Handling . 


A continuation is a function that defines the meaning of the “rest” of the program, 
starting from a particular point in the text. Continuations are mormaily used. when 
non-sequential control flow is possible [Wadsworth73). For example, continuations can be 
defined at every labelled ‘point in a program; the meining’of "go to L” is then defined. as 
the application of the continuation for L tothe current en'vironment. However, since only 
well-structured, forward transfers of ‘control dttur in“CLU, we have ‘chosen not to use 
continuations. Instead, we “tag” the cuteome of ‘every evaluation with a termination 


condition. 


. The eee idea is that one condition, normal, implies that contrat should proceed 
sequentially while all other conditions imply a sranater, of gontrol.. The equations. of the 
def inition are written so that results with ngnenpr anal termination conditions. propagate 
repriate point of. control is reached. For 
example, the result of a return statement propagates. to the procedure or iterator boundary 
and then changes to a'result with a normal termination condition. ‘Similarly, the result of a 
“signal statement propagates to the: ‘procedure Or iterator ‘boundary and then changes to look 
like the result of an exit ‘statement; the result a sane the fe appropriate handler in 


through all intermediate evaluations until the. a 


the caller. 


For this technique to work well, it is neceisary that expressions and statements evaluate - 
to elements of the same domain, so that results can propagate freely. The result of such an 
evaluation therefore is defined to bea ‘triple’ conisiseing of a termination condition, a list of 
zero or moré objects, ‘afd an environment. Normally, expression ‘evaluation produces a 
result with just one object anid’ staterhent evaluation produces a ‘result with no ob jects. 


Since’ expression evaluation’ cannot alter any variable’ ‘Bladings (but statement 
evaluation can), one might wish ‘to'make the result of ‘expression evaluation include’ just a 
universal state instead ‘of a complete environment. Although this would obviate the fact 
that expression evaluation does riot alter the Variable bindings for subsequent evaluations, 
it would not obviate the fact that variable bindings for subexpression evatuations are not 
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affected. Since the proafs of these facts are trivial, but having two result forms would 


complicate the definition, we prefer to use a single form of result. 
22.4 Iterators 


There are basically two ways to view an iterator. The first way is that an iterator 
actually yields values to a for statement. In order to define. iterators.in this. way, an iterator 
must actually yield an extra value, namely. a. continuation, so that the iterator can be 
resumed. In the second view a closure, consisting of the loop -bady and the variable 
bindings active for that body, is passed to the iterator. At each yield statement the loop 
body is evaluated with its active variable bindings to produce a new universal state and 
new variable bindings. The hew bindings replace the previous bindings in the closure, and 
‘the iterator continues with its Own active variable bilidings and the new universal state. 
When the iterator terminates it returns the variable bindings produced by the last loop 
cycle, and the caller continues with those Bindings. | = 


We are not using continuations to define any other constructs. of CLU, so it seems. best 
to take the second view of iterators. Further, defining. iterators in, this fashion involves 
much less interaction with other clauses of the definition than would be the case with the 


first view, and works out much simpler overall. 


The closure for a for statement is kept as a component of the environment. However, 
iterators can invoke other iterators, so the environment actually contains a stack of closures. 
The caller pushes on a closure before invoking the iterator. At each yleld statement. the 
iterator pops off the top closure, evaluates the loop. body, and. then pushes a new closure 
back on the stack. When the iterator terminates, the caller pops off the top closure. . 


Since the iterator controls evaluation of the loop body, the for statement automatically 
terminates when the iterator terminates. On the other hand, if the loop body executes a 
return or signal statement or terminates in an exceptional condition, this information must 
be propagated through the iterator and back to the caller. The information must be 
treated specially; for example, the result of a return statement executed in the loop body 
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should not be changed at the iterator boundary to look like a normal result, as would 
happen for a return statement executed in ‘the iterator. Thus, special termination 


conditions are used.in these cases. 
2.2.5 Modules 


Rather than distinguishing between parameterized and non-parameterized modules, we 
prefer to view every module as having a parameter list, though the list can be empty. The 
meaning of a procedure is then a function that takes a list of actual parameter ob jects 
(treating types as objects as previously discussed), a list of argument objects, and an_ 
execution. environment, and produces a result (a termination ‘condition, a list of ob jects, and 

anew environmend. The meaning of parameters is given by-a rewriting rule; the actual 
3 parameters are substituted for the formal: parameters in the parse tree before the procedure 
body is evaluated. Hence there is-no need for parameter bindings’ in the execution 


environment. 


Because of the way we have defined iterators, they have the same functionality as 
procedures. The iterator and its caller meer the environment ‘rather than explicitly 
passing extra values back and forth. 


The meaning of a cluster is a function that takes a list of actual cluster parameters and 
an operation name, and produces the meaning of that operation. The actual parameters 
are substituted for the formal cluster parameters before the meaning of the operation is 
derived; the meaning of the operation is then defined as for any other procedure or 
‘iterator. The function produces the meanings of al routines in the cluster, including 
“hidden” operations; legality-checking ensures that only the cluster can directly name the 


hidden operations. 


“3. Theory and Notation 


This chapter describes the most basic elements of the-luttice-theoretic: approach to the 
theory of computation, and introduces the notation used in the remainder of the thesis.” 
Our goal here is to say just enough about the underlying wey ‘for ‘the language 
ignored. Motivation for and 
detailed discussion of the lattice-theoretic approach can be found in [scon72).. 


grein 


definition to make sense; many. aspects, will be glossed over oF 


83.1 Domains © 


A domain is a non-empty set of elements. (A domain must-albo fave a partial ordering 
defined on its elements, but the ordecing-will-not congern- us:heré Every: domain D ‘has a 
distinguished element, 5; called: bottom... Bottom. .:is ased : tosivepresent the value: of 
meaningless, — illegal; -nenterminating, or otherwise: cumiefined-. computations. 
Legality-checking never involves such a computation, and legality-checking guarantees that 
Posten is prod cee eae by onterminating: Nabari pies Lage execatton, | 


..Demains are constructed: én the folowing. ways: 
1) Given a countable set of elements, a primitive domain.is formed by adjoining to the set 
a distinguished ceren to serve as bottom. 
2) Given domeins D,. Ds se De the product domain 
x D, = D,x D,x..x D, . ; 
is defi Ren be the set of all n-tuples of ane form 
. <d,; d,; i n> . 
where each dy is an clement of D of r Dy A A produc domain is essentially a form of constant 
record.’ The element — 
<b) i +05 vies ty> 
is distinguished as ae for the product domain. When all of the D, are the same 
domain D, we write x D, as D", the set of afi lists of length n of elements of D. We 
treat D and D! as he same domain. We define D° to be the set {1,, <>} for all 


domains D. The 0-tuple <> is written as “nil”. 
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3) Given oars D Dy Dy, -» Dy the sum domain 


; D, = D,+D,+..+D, 
is dines be the set of all pairs.of. the form 
-<i; d,> 
where d, is a proper element (i.e. not bottom) of D,. In addition, the sum domain 
contains a distinguished element as bottom. A sum. domain 4g sirnjlqr toa. oneal type. 
4) Given a domain D, the domain D* of all lists of elements of D is catinedt be 
Dt sD" = DMs Dhe .+D%s ors 
Simitarly, the Gems D* of all non-einpty lists is defined by 
_ D* =D" «D+ Des a + D' 4 
5) Given domains D, and D 2: the function domain. 
D,~D, 
is defined to be the set of all continuous functions from D, to D,. We will not define 
continuity here (see (Scott72)), but amp: note bcos all of ie fonctions: used in this 
thesis are continuous. The function — : 
ad. 1p, 
is distinguished as bottom for the function domain. 


We define 'x’ to have precedence over '+' and '-', and +’ to have precedence over 9", 
For example, we write | 
Expression x CE -» Expr x CE 
instead of 
(Expression x CE) - (Expr x CE) 


3.2 Notation 


In general each fora is given a a name, consisting of letters and underscores. As an 
exception, the domains + D" and + +p" are named D* and D*, respectively, for any 


nad 
domain D. Domain names are written with at least the fir iret eter capitalized. 


An arbitrary element ef a domain is written as the dornain name alt in lower case, with 
a digit added if necessary to distinguish it from other names: Thus; 
d,di,d2 are names for arbitrary clerients of By - 
d*,dl*,d2* — are names for arbitrary elements of D* 
d*,di*,d2* . are names for arbitrary elements of Dr 


Names for wians furtctions appear in iraties. 


For any name D, the boldface name D stands for a two-element domain. whose (only) 
proper element is written as the boldface name d.. For example, the domain True consists 
True and true. In addition, a boldface operator (+, % ec) or punctuation 
symbol ({, [, etc.) names, according to’ context, etther a two-eloment demain or the proper 


element of that domain. 


of two elements, 1 


A typical element of # product domain ey i usualy writn 

<i dg i A> 
However, when alt of the components come from syntactic: dctinindy boldface elements and 
spaces serve to separate the various components, and elements are written as | 

Id,d,..d al 
For example, a et element of the domain 

Begin x Body x End 
is written as 

[begin body end3 
The syntactic domains are those used in the abstract syntax, the sane ane syntax, and 
interface specifications. They are defined in the riext chapter. 


We will often want to extract specific components from elements of product domairis. 
Therefore, each: “component is given a name. Occasionally we witt list these names ig came 
in the domain definition, as in 

vars: Idn* x body: Unit x env: Env 
When names are not explicitly given, they are taken to be the component domain names in 
_ lower case, except that * and * are changed to 's', and a digit is added if necessary to 
distinguish components of the same domain. For example, the component names of 


Obj* x Obj* x Env 
are | / 34 


objsi objs2 env 


Given an expression representing an element of a domain, a component is selected by 

appending a period, followed by the component name. For example, . 

d.ob js2 
To "replace" a component named name of an element elt with a new value val, we use the 
notation | . 7 

elt [val e name) 
Note that this does not change el¢, it merely stands for some other element: 

<dj3.3d,>CvaledJ = <j. dy. Val; dyy3 3 d.> 


We define 

let name = val in exp 
to be 

(aname. exp) val 
That is, substitute val for every free occurrence of name in exp. Often only names for the 
components of val are needed, so we define both 

tet <d poi d>= val in exp 
and 

let Ld, ..d,J = val in exp 
to be 

let d,=vald, in .. let d,=vald, in exp . 
We build the naming of components into A-expressions by defining 

A(d,, ..., d,). exp | a | 
to be 

At. (let <dj; 5g d.> = tin exp) 
and when applying a function to. an element of a product domain we write g(Xx,, .... X,) 


instead of g(<x,; ...3 x,>). 
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The form 
BX y,  X,)  eXp 
means that g is defined to be 
MX yy ve Ky). EXP 
When defining functions recursively, we use the form 
a(x, ws X) & rec Alg, XK yp oon x) 
This means that one should compute g as the least fixed point of 
AF. CACK yy ses Kade AUP, X gy ony KAI | 
Least fixed points are defined in [Scott72). 


3.3 Functions 


Some of the functions defined below return boolean values. The domain Bool is 


defined to be the sum domain True + False. 


A domain D is said to be function-free if no element of D is, or contains, a function. 


For every function-free domain D we define the function 


Equal: D x D > Bool written dl =d2 

as follows: 
di=d2 «= true if dl and d2 are the same proper element 
di=d2 = false if dl and d2 are distinct proper elements 
dl=d2 = t,,,, if di or d2 is 1, 


n 
For every sum domain D = + A, we define the functions 


j=l 
A ,-in jection: A,7D written a, in D 
A,-projection: D-7A, written dtoA, 
A,-inspection: D— Bool written, dis A, 
as follows: 
a,inD = <i; a,> when a, is a proper element 
ne A, in D 1, 


<ijaj>toA, & a, 
<j. aj> to A, = ty. 
1) to A, e tf 


<jiaj> is A, = ij 


when i # j 
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to is A, . | Boo 


These functions are roughly the same as the oneof make; value_, and is. operations in 
CLU. 


We leave off the explicit in jection when an element is in boldface, since the injection is 
obvious. In addition, we write true and false. instead of (true in Bool) and 


(false in Bool). 


For every domain D, we define the function 
Cond: ° BoollxDxD+D — written if bool then dl else d2 
as follows: . -_ 
if true then dl else d2 = di _ 
if false then dl else d2 = d2 
if Lyoo, then dl else d2 28 dy 


For every domain D* we define the functions : 
Head: ; D8 Dees _ >) get first element 
Tail: D*+pD* — |’ get-all- but first element . 
Cons: Dx D* + D*- ‘add element at front 
Append: D* x D + D* add element at end 
Concat: D* x D* + D* concatenate 
Empty: D* — Bool test for empty list 
Same_size: D* x D* - Bool test for equal length 
Delist: (D*}* + D* “remove one level of nesting 


The definitions of all but the fast of these should be obvious. If we let X = D*, then Delist 
is defined as 
Delist(x*) = rec. if Empty(x*) 
then nilinD* — 
else Concat( Headix*), Delist(Tatl(x*)) 


Thus, for example (leaving out a number of in fections), 
Delistl< <<l; 2>; <8; 4>>; <<5; 6; 75; <&; Q>> >) = < i Q>; <3; 4>; <5; 6; 7>; <8; 9> > 
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Occasionaly it will be useful to treat elements of a domain D* as if they represent 
. unordered sets. For every function-free domain D*, we define the functions . 


Element: .D x D* + Bool written ded* 
Subset: D* x D* + Bool written di* c d2* 
‘as follows: 8 Se 


de a” = rec if Emptyid*) 
then false 
else d= Head(d*) v de Tata) 
di*cd2* = re if Emptyidl*) 
then true 
else Headidl*) € d2* A Taikdi*) c d2* 


Note that dl* c d2* simply checks that every element of dl* is an elernent of d2*; duplicate 
elements are allowed in both lists. 


Often when dealing with lists of elements from a preduct demain D = x As we will 


want fe collect into a list the ith component of each esas or every Sainte D*, where 
D= x A, , we define the functions 


i=l 
Hcctblebse DP+ As writen d*la, 
as follows: , 
d*la, = ree if Empty(d*) 


then nil in A,* 
else Foasliceuiie: ay Teikd* a) 


Sometimes we will want to “change” the value produced by a function for some 
particular argument. For example, we will use a funetion from identifiers to objects to 
represent variable bindings, and assignment to a variable will correspond to changing the 
object produced by the function for that ‘variable. ‘However, singe we cannot change 
Functions, we construct new ones instead. For every function domain. F=A- B, where A 
is a function-free domain, we defi ine the f unction 

Rebind: Fx AXB+F written fla ¢ b) 


as follows: 


fla¢ b] » dal. if alewa 
then b 
else fad 
Occrtionily we will want to take an element of one sum domain and treat it as an 
element of some other sum domain. For example, we might want to treat an element of a 
domain D* as an element of D*. For any two sum domains 
De(+ Bl elt ads (+ eg TeliEg ett ag + C+ Fg 


ii 
we define.the function 


Coercion: D+T written dtoinT 
as follows: 


dtoinT = if disA, 
then d to A, in T 
else if dis A, 
then d to A, in T 


else if dis A, 
then d to A, in T 
else dL; 


We leave off explicit coercions from. D* to D* for every domain D. 
3.4 Further Notation 


We define 
res <term; ob j*; env>=t ine 
to be an abbreviation for 
if tterm is Normal 


then let. <term; ob j*; env> =t ine 
else t 


when ¢ and e are (or " produce) . elements of the domain Result (defined in Chapter 6). It is 
this form that allows results with non-normal termination conditions to propagate through 
intermediate evaluations. Use of this form also has the desirable effect of allowing the 


result of a nonterminating computation (ie, Lpesyre) to propagate through. 


28 
We abbreviate 


let a, st, in 


let a, mt, in 


TOS Mey Cyey EF 


res ay wt, in 


let ars Renee | in 


let a, =t _in 


To decompose elements of a sum domain D =..+ A, we define 
ed oe 


cased 
elem a, of A; 
nee; 
elem a, of A, 
then e, 
else e 


and 


case d 
elem a, of A, 
then e, 


elem a, of A, 
then e, 
end 


to be 


to be 


Uf tdisA) 


— let es toA,) in e, 


‘ese f td is AD 


then tet aed AD st in ee 
else € 


 aisAy 


then let ae eRe. ine, 


else f(A AY) 
| then let ays =(d to A) in e, 
else 1 


There need not be an elem arm for every ‘domain A,. MS for tet expressions, the a, can be 


€Cy5 


;€> and fc, a} forms as 5 well as sie Raehalt iar. 


- 


Many of the functions. we will define take an element of a sum domain as. their first. 
argument, and perform different computations based on ‘the particular form: of that 
argument, In defining. a function. whose first argument -belongs, to. a sum. domain 
D-= + A we usually abbreviate 


gtd, ...) = case d 


elem a, of A; eee es 
then e, DO fla dO we, 
me ; to. ae 

elem a, of A, gla Ki...) = e, 
then i i 

end 


Similarly, we will sometimes treat a produ domain. D- = x cA, as if ft were a “unary sum 
domain” +D, and abbreviate 
gd,..) mw det Ta,..a Jed. 


in 
e 


to | moe | gia, .. aK...) = e 
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4. Syntactic Domains 


This chapter defines all of the syntactic domains used ‘in’ the thesis, domains whose 
elements either directly represent pieces of program text, of have a natural textual 
representation. First we present our abstract syntax for CLU,, and, then: the. Aransformed 
syntax. The relationship between these two sets of domains. shewhi be fairly ebvious and 
will not be elaborated ‘on there; the precise relationship & @éfined in the next chapter. 
Pinay. we give the forms of interface specif ications wae ” ti oe 


To improve the readability of these domain definitions, ‘we introduce a BNF-like 
notation. All domain names appear in lower case, “x” symbols are omitted when farming 
‘product domains, and I” syrabols are used in place of “+ syria when forming sum 
domains. This allows us to write 

when_arm = when name* ( deci* ) : bedy: : 
OO |) when name* («+ body 
instead of . 
When_arm: When x Name* x (x Deci* x }x 2 x Body 
+ When x Name® x (x 2x) x 3 x Body 
' This notation will be used only in this chapter. 


4.1 Abstract Syntax 


Two of the domains below merit special comment: Constant and Equate. These two 
domains contain extra akernatives that would not be found in a normal syntax. The extra 
alternatives represent the overlap that exists between the normal alternatives. In particular, 
the forms “idn" and “idnEconstant’ J" occur as both expressions and type_specs, and an idn | 
can additionally occur as a type_set. For example, in the equate x @ ¥ it is possible for 9 to 
name a type, a type_set, or an ob ject of some built-in type. Deciding which domain such a 
form actually belongs in requires semantic information; therefore the decision is made as 
part of legality-checking, not parsing. | 


_full.module :: 


module 


procedure 


iterator 


cluster 


decl . 
cond_spec 


restriction 


type_set os: 


oper_decl 


oper_name 
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a 


oe 
* 


ee RN OL el 


equate* module 


procedure 
iterator 
cluster 


idn = proc [ deci® J ( deci* ) returns ( type_spec* ) 


equate* 
statement* 
end idn 


idn = iter [ dec J ( deci* ) yleids ¢ peiaedl ) 


algnas ( cond_spec* .) where restriction*® 
equate* 
statement* 
end idn 


idn = cluster [ deci* 1 is idn* where restriction* 
‘équate* 
routine* 
end idn 


idn* : type_spec — 
name ( type_spec* ) 


idn has oper_deci* 
idn in n ype, set 


Cidn lidn has satus ‘equate* > 
idn 


oper_name* : type_spec 


name C constant* J 
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signats ( cond_spec* ) where restriction* 
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routine = procedure 
| iterator 


constant us expression 
| idn 
| idnC constant* J 
| type_spec 


body = equate* statement* 
equate z= idn = constant 

| idn = idn 

| idn = type_set 

| rep = type_spec 


ty pe_spec n= null 

bool 

int 

real 

char 

string 

any 

rep 

cvt 

type 

array [ type_spec ] 

recordL field_spec* J 

oneof [ field_spec* ] 

proctype ( type_spec* ) returns ( type_spec* ) signals ( cond_spec* ) 
itertype ( type_spec* ) yields ( type_spec* ) signals ( cond_spec* ) 
idn C constant* J 

idn 


field_spec ::= name* ; type_spec 


statement 


ae 
ae 


deci 
idn: type_spec = expression -- 
deci* :m invocation 
idn* := invocation _ 
idn* := expression* 
invocation : 
expression . name :m expression. 
expression [ expression J := expression 
if expression then body 

elseif _arm* 

end 
if expression then body 

elseif_arm* 

else body 

end 
while expression do body end 
return ( expression* ) 
yield ( expression* ) 
signal name ( expression* ) 
exit name ( expression* ) 
break 
continue 
begin body end 
tagcase expression 

tag_arm* 

end 
tagcase expression 

tag_arm* 

_ others : body 

end 
for deci* in invocation do body ‘end 
for idn* in invocation do body-end™ . 
statement except when_arm*ena@::: ~ 


statement except when_arm® 0 


others_arm 
end 


$4 
elseif _arm 


tag_arm 
when_arm 
others_arm 


expression 


invocation 


field 


a ee 


elseif expression then body 


tag name* : body 
tag name* ( idn : type_spec ) : body 


when name* ( deci* ) : body . 
when name* ( « ) : body ~ 


others : body 

others ¢ idn : type_spec ) : body 
nil 

bool 

int 

real 

char 

string 

type_spec $ name [ constant® J 
idn £ constant* J 

idn 

invocation 

type_spec $ € fieki* > 

type_spec $C expression* J 
type_spec $ £ expression : expression® J .. 
force [ type_spec J 
up ( expression ) 


_down ( expression ) 


expression . name 

expression [ expression J 

~ expression 

~ expression | ot 3 
expression bin_op expression . 
expression cand expression 


expression cor expression . 


expression ( expression* ) 


name” ; expression 


bool um true 

I faise 
real x= inte int 
char z= char int 
string z= char* 


bin_op rm wR 


We 


| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
\ 
| 
| 


The domain Int is the primitive domain obtained from the mathematical integers. “An 
element Lintl e int2] of Real represents the real number: intleio'**2, ‘The parser produces 
exact values for literals and, in the case of reals, normalizes the Values according to some 
scheme. For simplicity, the domains Name and Idn are both considered isomorphic to the 
domain String, although the parser guarantees that the actual elements used consist of 


lowercase letters, digits, and Da caabas (no Jeading digiv. 
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4.2 Transformed Syntax 


A domain name of the form "d_xxx" should be read "xxx desgrigtor”. 


mod 


= du = mod_form 


mod_form z= op_form 

| type_form 
op_form = routine [ idn* ]( idn* ) unit end 
unit = stmt* local idn* 
type_form = cluster E idn*® ] oper* end 
oper := idn = op_form 
d_type cM any 

| type 

| durecord 

| d_oneof 

| d_proc 

| d_iter 

| routine 

| dimod 

- | idn 
| bad © 


‘drecord::-: 


d_oneof Hs 


d_comp | on . 
d_proc ‘= proctype ( d_type* returns ( d_type™ ) signats ( d_cond* ) 
d_iter po 


‘oneot Cd-compt 3 


record’ E d.comp* 3 ate he deaiptent, 4 


itertype ( d_type* ) yields ( d_type* ) signais ( d_cond* > 


d_cond 


d_mod 


stmt 


elseif 


tag 


catch 


ee 


name ( d_type* ) 
du £ obj* J 


none 
idn* := expr* 
idn* := invoke 
invoke 
if expr then unit 
elseif* 
else unit 
end 
while expr do unit end 
return ( expr* ) 
yield ( expr* ) 
signal name ( expr* ) 
exit name ( expr* ) 
break 
continue 
begin unit end 
tagcase expr 
tag* 
end he Ye 8 
for idn* in invoke do unit end 
stmt except catch* end 


elseif expr then unit 


tag name* ( idn ) : unit 
tag name* : unit 
others : unit 


when name* ( idn* ) : unit 
when name* ( « ) : unit 
others : unit 

others ( idn ) : unit 
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-eXpr z= obj 
idn 
invoke 
d_type $ € comp* } 


| 
| 
| d_type $C expr : expr* J 
| up d_type ] (expr ) 

| down (expr ) 

| expr cand expr 


expr cor expr 
invoke m= expr ( expr® ) 
comp = mame : expr 
ob j z= val: d_type 


val z= nil 
bool 
int 
real 
char 
string 
array 
record 
oneof 
d_mod 
d_oper 
d_type 
idn 
obj 
bad 


oneof 


name : obj 
d_oper n= d_type $ nameL obj* J 


tset z= idn has op_deci* 
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op_decl e name C ob j* J: d_type 


The domains Bool, Int, Real, Char, and String are defined in the previous section. 
Array and Record are unique id domains, ‘and are isomorphic to the natural numbers. The 


domain DU is isomorphic to the ‘domain Idn; a particular element od DU is written simply 
as dU sen : without an n explicit in jection into DU. 


4.3 Interface Specifications 


~The domaiti DU_spec, representing interface specifications, is defined as follows: 


du_spec ne r_spec 
routine 

_ Lspec 
type . 
none 


r_spec. z= (€ d_parm* J: dutype 
t_spec = C d_parm* J: op_spec* 


op_spec = mame C d_parm* J: d_type 


d_parm z= idn : constraint 
constraint := d_type | 
| op_deci* 


The domains D_type and Op_decl are defined in the previous section. 


The domain R_spec is used for procedural and control abstractions; the d.type in an 
r.spec names a procedure or iterator type. T spec is used for data abstractions, the 
Op_specs represent the primitive operations. Type and Routine are used only when 


deriving interface specifications, as described in Chapter 2. 
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Formal parameters are described by an idn and a constraint. The idn is needed 
because it can appear elsewhere in the interface specification, and such instances have to be 
“replaced by an actual parameter to type-check instantiations of the abstraction. The 
constraint associated with a type parameter is a list of op_decis representing the operations . 
any actual parameter. must have; the constraint for any other parameter is simply the 


declared type of that parameter. 


To simplify our definition, the d_parm list in an op_spec contains both the cluster 
parameters and the operation parameters, in that order; the constraint associated with a 
cluster type parameter in this list contains the union of the renin bce by the 


cluster and the operation. 


Not all t_specs and r_specs represent legal interface specifications; ‘only those. produced 
by legality-checking are considered legal. Even the interface specifications of the built-in 
types and the array type generator can be produced this way. However, interface 
specifications for the record, oneof, proctype, and Wertype type generators cannot’ be 
represented as elements of T_spec because of the unusual form of. their parameters. These . 
generators are handled specially, as described in section 53. | 
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5. Hees 


_ To minimize the number of forward facies we define legality-checking from the 
‘ bottom up. We begin. by defining the domain CE. of compilation, environments. Then, in 
order, we define ‘the legality of type specifications, constants, . expressions, equates, 
Statements, interface specifications, and modules. In general, foreach domain Xxx of the 
abstract.synta x, we def inea f unction: : 
Cane: Xxx x CE - Xxx’x CE 
where Xxx’ is the corresponding domain in the transformed syntax. 


5.1 Environments 
Compilation environments are defined as follows: . 
CE: | “info: Info_map x specs: Spec_nap x up: D_type x parms: Obj* x 
down: D_type x locals: Idn* % used: Idnt* x-results: D_type* x 


cvts: Bool*: x sigs: Sig* “xolter: Boot x: chaster: Bool x loop: Bool x 
handles: Handle* x err: Bool 


Info_map: Idn > Info 
| Info: | | D_type + Constraint + Op_deci* + DU + R.spec + Routine + Ob j* + 
Tset + None 
‘Specmap: . DU-—» DU_spec 
Sig: . d_cond: D_cond x cvts: Bool* 
Handle: . _ Name* + Bihena Others. 


D_hand: names: Name* x d_types: D_type* 


#2 


info 


The meanings of the various components of a CE are: 
a mapping that holds information abeut the current bindings of all idns. The 
initial mapping ‘is ptovided by the aser; any ‘idins ‘bound if the initial mapping 


‘can (but néed riot) be used as external references. “The: — ‘of the various 


alternatives of the domain Info are: © 


dtype - 


the dectired type of a variatite. 


constraint - the constraint associated with # parameter. A non-type parameter 


op_deci* - 


rspec - 


always has this form of ififo; a type parameter only fas this form 

of irtfo after intérface specifications ‘are Gerived. 

a list for accumulating the restrictions qn a type parameter, used 

only when deriving interface specifications. A type parameter with - 
this form of info:és allowed: to‘have any and all eparations. 

the DU bound to an external reference. 


the interface ‘specification of a cluster routine. When a cluster 
_ routine. is referred to with 3a ida. rather than a name qualified by 
the abstract type, the use of the idn is checked with respect to this 


rspec, not with respect to the library.” Atthough both forms of 
reference transform to the same value when jegal, they are checked _ 
differently to allow unqualified references to hidden operations. 


_ (Hidden operations are not specified “iy the interface of the 


routine - 


abstraction.) 

used for cluster routines when deviving tnterface specifications. An 
idn with this form of info is considered a legal routine name, 
regardless of the number and types of parameters supplied. 


_ the evaluated conétaht bound to ah eqitkted identifier or ‘external 


reference. Note that types are. incladed. here as ob jects. - . 
the evaluated typeset bound to an equated identifier or external 


reference. 


specs - 
up - 
_parms 


down... 


locals 


used -_ 


results — 


PMS TE Es aeRO ae eS a a 
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none ~- the info for all-undefined.idas... 

the ‘part.of. the library mapping DUs to their-interface specifications. 

the abstract type when checking a.cluster, atherwise,the bad type. - 

the abstract type has the form “dulobj*y’; this: component contains the list obj*. 
the representation-type when cheching a-chaster, otherwise the bad type. 

a list of all currently defined local.idas. Ag tha end of. gach scoping unit, all idns 
local to that unit are made undefined: (ie, their defo. is set.to mone), and thus 
cannot be used subrequenty as external references. 

a list of all idns seen so far in ‘the’ ‘full_modute, ° “Every time an idn is 
encountered, ‘the idn is added to this ‘list. ‘An idn cannot be defined locally. if it 
has been used as an-external reference or it it is already defined. In both of 


these cases (but no ‘others), ‘the idn will have info other than none and airendy 


will be in the list of used idns. 

the return or yield types of the routine being checked. If cvt was used as the 
type specif ication for a result, thé representation type is used: in:this-tist.: 

a list of flags indicating which positions in the résifies Hit’ were declared with 
cvt. | paeia ie ao . 

for each exceptional condition listed in the signals clause of the routine being 
checked, this list contains an element describing ‘the exception:name, the types of 
results (with cvt replaced by ‘the representation type), ant flags indicating the. 
positions declared with cvt. The iit ‘also “edntdins an element for the failure 


exception. 


iter - 
cluster - 
loop) - 


handles = 


‘true:when checking-an iterator. 


true when checking a cluster... 

true when checking the body of a loop statement. 

a list ‘describing all exception ‘hilhdlers*surreanding: the current statement, in 
order from innermost to outtermost handler. The meanings < of the three kinds 


of handles are: 
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name* - a list of exception names, used: for-when arms that discard results. 
d_hand - a list of exception names ands (possibly empty tist’ of variable types, 
used for all'other when arms. ; ae 
others - used for both forms of there arms. For any given except 
‘staterient; the: handles for: adhered « yaar in the bandies list 
before the others handle. © 


err - true if any errors ‘have been detected. 


Only certain info Maps can be provided legally by the user for use in the CE. The 
legal info_maps are those which can be Generated with the funetign New_info_map using 
egal info_maps and legal, spec_maps, but arbitrary equates, as Arguments, As a basis, any 
sidered legal. _ Legal spec_maps are 


-info_map mapping igns solely to DUs (and nope) is cor 


discussed in Section 5.8. 


New_info_maplinfo_map, specmap, equate*) = 

let cel = Create_celinfo.map, spec.map) 

ce2 = C_equates(equate*, cel) 
in | 

if ce2err— 

_ then info map 
else ceQ.info 

C_equates is def ined in section 5.5. 


Create_ cclinfo_map, spec_map) » 
ane ee: spec_map; bad in D Rider Lopsst Dae sr: ional andl in Idn*; 
nil in Handle’, false> 


The. battems.indicate components that will be filled in before ane used. 


5.2 Type Specifications 


_ The major functions defined in this section are: 


C..type_spec: Type spec X CE sD ‘type >xCE 
C_type_specs:  Type_spec* x CE ~» D_type* x CE. 


Bad_ typetce) 5 bad in D ype: cel true e errl> 7 


- Has_badtd ype wi rec of Emptyid_type 
then false 
else heada yee): is Bad Vv Has_bad(Tail(d_type*)) 


C_type_specs(type_spec*, ce) = rec 


let <d_type; cel>.,-.=, . Cotype-spectHsadisype-spec), ce 
<d_type*; ce2> = C_type_specs\T allttype_spec*), cel) 
in 
if Empty\type_spec*) 
then <nilin D_type*; ce> ' 
else <Cons(d_type, d_type*); cel> 


C-type-spec. noe a <Udu,,,, C32 in D.types..ce>, ee 
We abbreviate "Lnitin Obj*]" to TF. 


C_type_specL boollce) a. <i duy,c9, E10.in, D_type; CRP cc 
C_type_specLintI(ce) = <Edu,,, C10 én Dtypes.cer 


Cltype_speclrealKce) = <idu..., [13 in D types ce>— 


‘et 


C_type_specLcharK(ce) = <fdu,,.. CI in Ditype; ce> 


cher 


C10 in Ditype; ce> 


C_type_specL stringlce) = Edu, ring 


C_type_specl any3ce) = <any in D_type; ce> 
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C_type_specl repl\ce) s if cedown is Bad 


then Bad_ typelce) 
else <cedown; ce> 


Rep cannot be used unless it has hen dato in 9m, quate 
C_type_specLevtKce) « Bod_typelce) 


C_ty pe specLtypelce) = Bad —typelce) 
Cvt and type can appear only as ‘top-level ‘type specifications in module 


headings, so we will check specially for: er and gtherwise consider them 
illegal. 


C_type_s pecl arrayltype_specIi(ce) = 
let <d_type; cel> = C_type_specltype_spec, ce) 
ob j* = E(d-rype in vabs s Ceype in ‘Dayped in ‘Ov of 
in 
if d_type is Bad 
then Bad_typetcel) 
else <Edu Cob j*IJ in Ditype; cel>_ 


Taneey 


C_type_s pecLrecord£field_spec* Ii(ce) = 
let <d_comp*; cel> = C_field_speestfield_spect, ce) 
d_compl* = = Order(d_ * name, ‘d.campt)- 
in 
if Duplicates(d_comp* tname) v Hos_bad(d_eomp*}d_type) 
then Bad_type(cel) . 
else <Lrecordid_compl* JJ in D.ype; cel> 


The order and grouping of selectors in tye text does. not matter, but the selectors 


must be distinct. 
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C_ty pe specLoneoftiel spec* Tice) x 

let <d_comp*; cel> = C_field_specs(field_spec*, ea 

d_comp|* st eco ae d_comp*) 
in 

if Duplicates(d_comp*tname) v Has bom .yp0 
then. Badatype(celd , 
else <Loneofld_compl*33 in Dayne cel> 
The order and grouping of tags in che ‘tent gas not matter, but the ae must be 


distinct. 


Order: Name* x D* + D* 
Order is defined for all domains D. The names are permuted to be in increasing 
lexicographic order, the D-list is permuted in the: ‘same ‘way, and the permuted 
. D-list is returned. The two argument lists must be the same length. 


. C_field_specs(field_spec*, ce) = rec 
let Cname*: type_spec] Heud(field_spet*) 
_<d_type; cel> C_type_specttype_spec, ce) 
d_compi* Get_d_comps(name’, d_type)” 
<d_comp2*; ce2> C_field_s pecs\T ail ield_specs*), cel) 


in 
if Empty(field_spec*) 
then <nil in D_comp*; ce> 
else <Append(d_compl*, d ~comp2"); ce2> 


Get_d_. com ps(name* , ditype) s rec . 
let dicomp = CHead(name*); d_typell | 
d_comp* = Get_d_comps(Tail(name*), d_type) 
in = ai 
if Empty(name*) 
then nil in D_comp* 
_ else Cons(d_comp, d_comp*) 
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Duplicatesa*) = rec if Emptyd*) — 
then felse - 
else” treadtd*)-« rena") yw Soaptianeslt ait. 


Duplicates is defined for al function ree — D. 


sry. BPS 


C_type_s pecLproetype: copes rota tena emia pat . 
let <d_typel*; cel> = C_type_speesttyperspedi®, of) 
ed sype2*; ce2>. « = Culype.specsitype spect’, cel). 
<d_cond*; ce3> = C_cond_specs(cond_spec*, cea) 
in . 
C_.proc_ty pe(d_typel*, d.type2*, d_cond*, ce3) 


Cu proc.type(d, typel?, ditype?*, d.cond*, cd o  * ~ 
let name* = d.cond* lname 
d ~condl® = (Order(name®, d 1_cond*) 
in. 
if Has_bad\d_typel*) v Has_bed(d _typee*) Vv Dupltestesname®) v 
("failure” in Name) € name* v. #194 bad\ Delisti_cond® id types). 
then Bad_typelce) 
else. <Lproctype (pet) creturee ‘meet ) signals (sma in D.type; 
ce> 
The order in which siete are listed in the text is wnlengertai A given name 
can only be used once as a oe name, and “ratte cater: ‘be specified 


explicitly. 


C_type_specLitertype desma) yleids Hames signals (ord sec Hee = 
let <d_typel*; cel> = C —type_specs(type_specl®, £2) z Bo 
<d_type2*; ce2> = C. Ly pe_specs(type_} Spec : cel) 
<d _cond*; ceS> = C_cond_specs(cond_spec*, ce2) 
in» , 
C_iter_type(d_typel*, d_type2*, d_cond’*, ced) 


C_iter_type(d_typel*;. dtype2*; d-cond*; ce) =< 
let name* . = d_cond*iname 
d_condl* = Order(name*, d_cond*) 
in Barat ge Gh NEES Fy ont 
if Has_bad(d_typel*) v Has_bad(d_type2*)v° Duptientes(name*) v 
failure”, in -Name).¢-name* -v. Mashed Delisttacomd*d.types)) 
then Bad_typelce) 
else <Litertype (d_typel") ylelds (d_type2*) signals (d. “condl*)3 in D type; 
ce> 
The order in which signals are listed in the text is unimportant. A given name 
can. only be used once as a signal name, and “failure” cannot be specified 


explicitly. 


C_cond_specs(cond_spec*, ce). = rec 
let Cname(type_spec*)I = Head(cond_spec*) 
<d_type*; cel> C_type_specs(type_spec*, ce) 
d_cond Ename(d_type*)3 
<d_cond*; ce2> = C_cond_specs\T ailcond_spec*), cei) - 


in 
if Empty(cond_spec*) 
then <nilin D_cond*; .ce> 
else <Cons(d_cond, d_cond*); ce2> 


C_type.s pec idn€constant* Tice) = 
let <objcel> = C _constant(Lidn€constant* 13 in Constant, ce) 
in 
if obj.d_type is Type 
then <obj.val to D_type; cel> 
else Bad_type(cel) ; 
Since this construct can denote various things, including types, when used as a 
constant, we simply check the construct as an arbitrary constant and then make 
sure the resulting object is a type. In this way the basic checking is centralized in 


one place. 
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C_type_speclidnI(ce) = let <obj; cel> = C_constant(idn in Constant, ce) 
in 
if obj.d_type is Type 
then <obj.val to D_type; cel> 
else Bad_type(cel) 


Again, we check the construct as a constant and then make sure the resulting 


ob ject is a type. 


5] 
5.3 Constants 


The major functions defined in this section are: 
C_constant: Constant x.CE + Obj x CE 


C_constants:  Constant* x CE + Obj* x CE 
Get_op_type.  D.oper x CE ~ D.type 
Subst: Obj* x Idn* x D+ D 


Get_op_type is used to check if an operation name is legal, and returns the type of the 
operation. Subst is used to substitute actual parameters for formal parameters, and is 


defined for every domain D. 


Bad_objce) = <I(bad in Val): (bad in D_type)]; celtrue.e err)> 


C_constants(constant*, ce) = ree let <obj;cel> = C_constant(Head(constant*), ce). 
<obj*; ce2> = C_constants(Tail(constant*), cel) 
in . i oe | 
if Empty(constant*) 
then <nilin Obj*; ce> 
else <Cons(obj, obj*); ce2> 


CL constantLex pression (ce) a 
let <expr;cel> = C_ expresston(expression, ce) 
in 
if Const_ ex priexpr) 
then let <term; obj*; env> = E_expriexpr, Primitive_enw0) 
in 
if term is Normal 
then <obj* to Obj; cel> 
else Bad_obfcel) 
else Bad_objfcel) 


For an expression to be legal as a constant, it must be a legal expression and a 
legal form of constant expression, and it must evaluate normally. Note that a 
legal expression only produces one object in the normal case, SO “ob j* j* to Ob;” 
cannot fail. Primitive_env returns an execution environment in which (only) the 


built-in types and type generators, the type routine, and the procedure generator 
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force have implementations. Primitive_env, Term, and Env are defined in 
Chapter 6. 


C_constantLtype_speclice) = let eee cel>- = .CLtypasspecttype_spec, ce). 
in 7 
<U(d_type rei Vals yl in D, type}; cel> 


C. constant Lidn Ice) = 
tet cel = celCons(idn, ce. used) @ used] 
in 
case ce.infolidn) 
elem constraint of Constraint 
then case constraint 
elem. d_type of D_type 
then <L(idn in Val: d_typel; cel> 
else <Etidn in D_type in Vals (type in B_type)d: cef>” 
clem odp_decl* of Op_dect* 
then <L[(idn in D type in Val): (type in D_type)l; cel> 
elem du of DU = 
then C_du_parms(du, nil in Obj* » cel) 
elem UCd_parm* 3: & type of R_spec 
then let name = Make_namelidn) 
in ; ' : ; 
C_op_parms(Lnameld_parm*}: d_typel, nil in Obj*, cel) 
elem routine of Routine , | 
then let name = Make_name(idn) 
d_oper = Cce.up$namet JI 
in 
<E(d_oper in Val: (routine in D. ype cel> 
elem obj of Obj 
then <obj; cel> 
else Bad. ob ficel) 


To be a legal constant, an idn must either be a formal parameter, or else name a 


non-parameterized abstraction, a cluster routine, or an ‘evaluated constant. 


Make_name: Idn ~ Name 


Make_name returns the name corresponding to the. given, idn. (Idn and Name are 
isomorphic domains.) 


C_constant€idn€constant* Tce) = 
let cel ~ = celConstidn, ce.used),@ used). 
<ob j*; ce2>. = Cconstants(constant*, cel) _ 
in , 
case ce.infolidn) 
elem du of DU 
then C_du_parms(du, obj*, ce2) 
elem LCd_parm*]: d_typel-ef Ruspec eae ae oe 
then let. name = ‘Make_namelidn) ne, Pop Pieniy ae 
in vo 
C-op-parmaCvared parc dJypelh, on 2) 
elem routine of Routine 
then let name «= Make_nametidn) 
d_oper = [ce.upGnamelod j* J] 
in oo, 
~ <(d_oper in Val): (routine in D.type)d; cel> 
elem obj of Obj 
“then Cu constantCidntconstant* 12 in as awa in Constant, ee 
else. Bad_obfice2). ce GA Pee 
The idn must name a parameterized: ‘gbutraction, a:cluster routine; or an evaluated 
constant. If the idn names an ob b ject, (evajuated constant), then this construct can 
be legal only if it is an ‘abbreviation for.an. dnvocation of a “fetch” operation. 7 
Rather than checking the invocation oe a we aay check the construct 


as a constant ex pression. 
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C_du_parms(du, obj*, ce) = 
det dimod = Odulob j*T3 
in 
" case ce.specs(du) 
elem LCd_parm*]: d_typel of R_spec 
then if C_parms(obj*, d_patt®, ce) 
then let d_typel = Substleby’, epaamulits wiger' 


in 
<E(d_mod in Val): d_typel3; ce> 
else Bad_obfce) 
elem routine of Routine 
then <{(d_mod in Val): (routine in D.typell;-te> 
elem {d_parm*]: op_spec*] of T_spec 
then if C_parms(ab j* ( d_parm*, ce) 
then Ad add im Bisype tn Vath faye tm B_sypel3; ce> 
else Bad_obj\ce) 
elem type of Type 
then <(d_mod in D_type in Vanvtiyperi Dtypd3;, « — 
else Bad_objce) 


If the DU is for a pidcenural o or contro! abstraction and the parameters are legal 

(or assumed legad,. a routine object is. eyurned. ed. Tf, the DU is for a data 

abstraction and the parameters are legal (or assumed: inet, & type.object is 
. returned... Otherwise, the reference is iagal... 


C. _op__parmsLnameld_parm*3 d. typeliob j*, ‘ce 
‘let objt* = ai sala =e a 
in. 
if Co ata 4-garm®, ce) 
then let d_typel = Substlobjl*, i eerahiian: dtype) 
d_oper = Lce.upSnameLobdj*I3 
in 
<&(d_oper in Val): d_typel3; ce> 
else Bad_objce) 


The cluster parameters are added in for pees ‘but they a are not included 
in the d gs "s actual parameter list. 
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C_parms(ob j*, d_parm*, ce) &. 
if obj*ld_type = Parm_types(d_parm*) 
then let constraint* = Subst(obj*, d_parm*tidn, d_parm*Jconstraint) 
in 
C_constraints(obj*, constraint*, ce) 
else false 
The types of the actual parameters must match exactly the types of the formal 


parameters, and all restrictions on type parameters must be satisfied. 


Parm_types(d_parm*) = rec if Empty(d_parm*) 
then nil in D_type* 
else let d_type* = Parm_types(Tailld_parm*)) 
in z 
case Head(d_parm*).constraint 
elem d_type of D_type 
then Cons(d_type, d_type*) 
else Cons(type in D_type, d_type*) 


C_constraints(obj*, constraint*, ce) = rec 
if Empty(ob j*) 
then true 
else if C_constraints(Tailiobj*), Tail(constraint*), ce) 
then case Head(constraint*) 
elem op_decl* of Op_deci* 
then let Lval: d_typel = Head(obj*) 
in 
C_op_decls(val to D_type, op_decl*, ce) 
else true | 
else false 
C_parms checks that the actual parameters are of the correct type, so if the 


constraint is an op_decl list then the corresponding actual parameter is guaranteed 


to be a type ob ject. 
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C_op_decls(d_type, op_decl*, ce) = rec 
if Emptylop_decl*) 


then true 
else let LnameLobj*]: d_typell = Head(op_decl*) 
d_type2 = Get_op_type(Ld_type$nameLobj* J], ce) 
in 


Includes(d_type2, d_typel) A C_op_dects(d_type, Tailop_ deci*), ce) 
We use Includes instead of strict equality because Get_op_type can return the type 


routine (if interface specifications are being derived). 
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Get_op_typeL.d_type$nameLob j* itce). » 
case d_type 
elem Crecord(d ~romp* II of D_record 
» then. bets: op spect . wi Recard_op. specste type te Dxecord). 
objl* -« sa el od 
in 
C ely tna Concatiob ji*, at seanee ce) 
elem Toneof{d_comp* I] of D_oneof .. 4 
. then let op_spée*- = Geass sacle ak teD. oneof) 
- » pbjl* - = Make_objs(d_comp*td_type) 
in , Be 
C_op-typelname, Concatobjl*,.obj%op_spec*, ce). 
elem d_proc of D_proc 
then C_op_type(name, ob fr, Prey op ree weo, ce) 
elem d_iter of D_iter O 
then C_op_type(name, obj*, eye ron an ce) 
elem routine of Routine hy! 
then C_op_type(name, obj*, Routineop_specs(), ce). 
elem Cdulobjl* 10 of D_mod i 
then case ce,specs(du) 
elem ULd_parm*3: een of een 
then C_op.type(name, sasha on ony ce) 
else routine in D_type - 
elem idn of Idn 
then case ce.infolidn) 
elem constraint of Constraint 
then C_ parmoplname, aby, constraint to Op_deci*) 
else routine ‘in Ditype " 
else bad in D_type” 


Record-ep.spees:  D_record +» Op: spec® 
Oneof_op_specs: | D_oneof -» Op_spec* 
Proctype_op_specs: D_proc +  Op.spect 

Iterty pe_ op_s pecs: D_iter + Op ~spect 


"Although interface specifications for the record, oneof, proctype, and itertype 
type generators cannot be represented as elements of T_spec, interface 


specifications for the operations of any particular instantiation can be represented 


as elements of Op_spec, as defined in Chapter 6. 


Routine_op_specs: -» Op_spec* 


Routine_op_specs returns the ears for: te pc type routine, 2s defined in 
Chapter 6. 


Make_objs(d_type*) = ree if: Emyty(d_type*) 
then nilin Obj? - 
ase tat dtype = Heatid_type) 
obj = L(d_typein Vad: we in Dtype)3 
in 
Constabj, Make_objs(Tailtd type*))) . 


C_op_type(name, obj*, op.spec*, ce) = rec 
let Cnamelld.parm* J: paren . peaiponres 
in 
if ee 
then. bad in D_type - 
else if name = namel 
then if C_parms(obj*, d_parm*, ce) 
then Substiobj*, -d_parm*tidn, dtype) 
. else bad in D_type 
else C_op_type(name, ob j*, Taillop_spec*), ced. 


C_parm_op(name, obj*, op_decl*) = yec let CnamelLobji*]: dtyped = Head(op_deci*) 
7 in agatansae 
if, Emptylop_dect") 
then hadia Dtype. 
else if name =namel A obj* = obji* 
then d_type 
else S.dscm renee obj*, eae cai: 


Const_ i ae u rec if Empty\expr*) 
then true 
else Const _txpriHeadtexpr*)) 1 A Const _exprsTaiiexpr*)) 


Const_expriobjl = —(obj.val is Idn) sue fi 
Parameters are allowed only as top-level region they cannot be used as 


arguments in invocations of constant expressions. <P 


{Ff a 
a 


Const_exprlidn] = false 

Const_exprld_type$teomp* >]: Const_exprild.typeSexpri expr*]} = false 
Const_ exprLupld SypeKienpels ® Const ~= pr downtexpr 3 s false 
eee expr expr cand expr2]. 5 Const exp expr a s false 


. Const aires prexpr*)3 = 
| of Constuexprs(exgr*) 
| then case expr 
elem Lval: d_type} of Obj 
then case val 
elem Ud: -iysslecateiten ju of D_oper 
then Const_typeld_typel) a. : 
SNA isaRy eran en 
else false 
else false 
else false 


Return_types(d_type) = 
case d_type 
elem Lproctype (d_typel*) returns (d_type2*) signais (d_cond*)J of D_proc 
then d_type2* 
end 


Const_types(d Lye) = rec if Emptyd_type 
then true 
else Const_typeHead(d_type*)) A. 
Const_types(T aild_type*)) 


Const_ty pel any] = Const_typeltype] = Const_type bad] = false 


Const_typeLidn] = Const_typeld_record] = false 
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Const_typeLd_oneof] = true 


Const_typeld_proc} « Const_typeld iter} Const_typd routine) « true 


Const_typeLd_mod] = let Cdulobs*Il = d_mod 


Subst: 


in ; 
QUE <dUaiag | agg) Mane} Mpeg yt MMgnars Me eeing > - 
Obj x Idn* xXD7D., _ 
Subst is used to substitute actual parusers for formal parameter, and is defined 
for evety domain D.’ “Sicbsttctoy*: tan", ett drei w wbinibidliviedens | 
its third argument as follows. Let obj be an element a and Jet. idn be, the 


corresponding element of idn* (che two lists must be of pat angt Then Subst 


replaces all occurrences of 
idn in D_type in Val 
and 
idn in Val 
with 
ob j.val se 
We need to substitute for two different forms because formal, type, parameters 


appear differently than other formal parameters. desienice ho - pike: occur in 
both forms. 


5.4 Expressions 


‘The ma jor functions defined in this section are: 
C_lexpression: | Expression x CE - Expr x CE 
C_expressions: _ Expressian* x CE + Expr* x CE 
C_invocation: Invocation x CE - Expr x CE 


T ype_of: . Expr x CE - D_type 

Ty pes_of: Expr* x CE ~ D_type* 
Includes: | D_type-x D_type + Bool 
Include: - D_type* x D_type* + Bool 


Type_of and Fypes_of are used to obtain the syntactic types of expressions. /ncludes and 


include define the type inclusion rule. 


Bad_exprice) = <I(bad in Val): (bad in D_type)3.in Expr; celtrue e err)> 


C_expressions(expression*, ce) = rec - 
let <expr;cel> = C_expression(Head(expression*), ce) 
<expr*; ce2> = C_expressions(Taillexpression*), cel) 
in oe “ 
if Emptylexpression*) 
then <nilin Expr*; ce> 
else <Cons(expr, expr*); ce2> 


C_expressionT nil(ce) = let ditype = [du,,,, 


C13 in D_type 
in : 


<[(nil in Val: d_typel in Expr; ce> 


C_expressionLboollce) = det d_type = Cdu,.,, CHD im Ditype 
in 
<[(bool in Val): d_typell in Expr; ce> 


C_expressionLintI(ce) = if L_intlint 
then let dtype = Cdu,,, CIB én D_type 
in ie 4 
<(int in Vall: d_typed in Expr; ce> 
, . else Bad_exprice) 
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C_expressionLreall(ce) = éf L_real(real) 
then let dtype = Tdu,,,, 
reall & is gieahts 
in 
clreall in Vabs sank Expr; ce 
else Bad_axprice) 3 


ss in a ners 


C_expressionEcharKce) = if L_char\char) -_ 
then let d_type = Cdu,,,,, (1) in D_type 
in 
<(char in val: d typed in Expr: ce> 
else Bad ek price) ‘ 


C_LexpressionEstringHce) = if L_string(string) 
then let d oe - ra 
. in 
aisting in n Valid cipal: in n Expr ce> 
else Bad. —exprice) oh 


CIB in D_type 


Matring 


The parser produces elements of the domains Int, Real, Char, and String that 
correspond exactly to the litetals used in the text. However, an implementation 
can impose certain restrictions as to which elements dtd aetuatly teal atid, in the 


case of reals, need only provide approximations to the téq 


d values. These 


restrictions are embodied in the functions L_ini, Led, ' Leche, L_string, and 


Approx, as defined in Chapter 6. 


C_expressionLtype_s specSnamefconsiant® 1i(ce) - 

let <d ae cel> = C_type_ specltype_spec, ce) 
<obj*; ce2> = C.¢onstentstepnstant®,. cel) 
in | a 


C_d_oper\€d_type$namelobj*I3, ce2) 


C_d_ oper(d oper, ce) = let ditype = Get. seagate, ce. 
in 
yf d _type is Bad 
then: Bad_exprice) 
else <L(d_oper in Val); ditype in Expr; ce> 


C_expressionLidnfconstant*Ii(ce) 
let info = ce.infolidn) - 
in 
if ~(info is Ditype v info ts Obj: 
then let <obj: cel> = C_constant(Lidn{constant* JB in Constant, ce) 
e ae ore 
if obj.d_type is Type 
then Bad_expricel) 
else. <obj in Expr; cel>. 
else if constant* is Constant 
then let expression! = idn in Expression 
in : rer ees 
case constant* to Constant 
elem expression? of Expression 
then C. ek deeb aiwarases aly in —— ce) 
elem type_spec of Type_spec 
then Bad_exprice) 
else let xpressons = constant® fo Constant to_in Expression 
in 
ae bade ds sioateierel sheer lice in hau, aiapantl te) 
else Bad_exprice) 
If the idn is not a variable and does not name an ob ject, the construct is checked 
as a constant expression. Otherwise the construct,.is only, legal if it is an 
abbreviation for an invocation of a “fetch” operation, in’ which case there can be 


“only one-constant and that constart' carmot bea type_spec: 


C_expressionLidn (ce) a if ce. infolidn) is D _type 
then <idn in Expr; ce> 
else det <obj cel> = ‘ee _constaattidn in Constant, ce) . 
in 
if obj.d_type is Type 
then Bad_expricel) 
else <objin Expr; cel> | 
The idn must be either a variable, a non-type parameter, or a constant expression 


to be legal. 


| 64 


C_expressionLinvocationMce) = let <expr;cel> = C_insocation\invecation, ce). 
in : 
case expr 
elem invoke of Inyake.-. 
then Af Rendddgpestinvoke, | cai) ds D.type 
then <expr; cel> 


else iid ates 
else Bad_expricel) . . 


An invocation can return only one ob ject .when: used asen ee 


C_invocationT expression(expression* )I(ce)_ = 
let <expr;cel> = C_expression(expression, ce) 
<expr*; ce2> = C_expressions(expression*, cel} 
in . ss 
— C_callexpr, expr*,  ce2) 


C_calllexpr, expr*, ce) = 
let ditype* = Typesoflexpr*, ce) 
in 
case Typeofiexpr, ce) 
elem Tproctype (d_typel*) returns (_sype2*) signals (d_cond* )3 of D_proc 
then if Includedd_typel*, d -type*) C_d_condsid_cond®, ce-handies) 
then Lexpr(expr*)2 in Expr; a> oe 
~ else Bad_exprice) — 
else Bad_exprice) 


For an invocation to be legal the arguments must-be of. the correct. eypes, and all, 
exceptional conditions that can be raised must be legal with respect to the 


surrounding handlers. 


C_d_conds(d_cond*, handie") = rec if Empty\d_cond*) 
then true 
else C_d_cond\Head\d_cond*), handie*) 
— C.dconds\Teitd_cond*), handie*) 


C_d_cond(d_cond, handle*) = rec 
if Emptyhandle*) 
then true 
else case Head(handie*) 
| elem name* of Name* - 7 
then d_cond.name € name* v C_dcond\d cond, Tetlthandte®)) 
elem. <name*; d_type*> of D_hand 
then if d_cond.name € name* 
then d_cond.d_types.= d_type* 
else. C_d_cond(d_cond, Telithandie*) 
elem others of Others 
then: true 
end 


_ A handler need not exist for every ‘exceptional condition raised by an invocation. 
If a handler does not throw results away then the types of the results must equal 
the types of the receiving variables. 


om ex pressionlLtype.spect(Cield* 2 Hce)_ . 


let <d ype: cel> = C_ ee ce) 
<comp*; ce2> = C fields( field™, es: 


comp]* = Order\comp*éiname,: amet 
name* = compl*iname. 
d_type* - Tope sfecop lee, ceo) 
in 
case d_type 


elem Lrecord£d_comp*]3 of D_record 
then if dcomp*iname = name* a Inctudetdoongp* 4p d.sype") 
then <Ld_type${comp*)] in Expr; ce2> H 
else Bad_exprice2) : 
else Bad_expr\ce2) 


The order and grouping ‘of ‘Compertents ‘in the: text does hot matter but every 
_ component must be initialized with an bp of the’ Proper type. The components 
are reordered only for type-checking; they. appe 


a in the transformed expression 


in the order in which they were written. 
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C_fields(fietd*, ce) = rec 
let Lname*: expression] = Head(field*) 

_ <expr; cel> = CLexpression(ex pression, ce) 
comp]|* = Get_compsiname*, expt) 
<comp2*; ce2>_ = C_flelds\Taikfield*?, eel) 

if Empty(field*) 
then <nilin Comp*; ce> 
else <Concat\comp!*, comp"); ce2> 


Get_comps(name*, expr) = rec let comp « CHeadiname*h expra 
comp* = Get_comps(Teiiname’); expr) 
in 
if Empty(name*) 


then nilin Comp* | 
else Constcomp, comp*) 


C_expressionLtype_spec$Lexpression* ]K(ce) = 
C_expresston& type_spec$L(1 in Int in clean exprenin Mes) 


C_expressionLtype_spec$Lex pression: expression* Jiieed s 
let <d_type; cel> = C_type_specltype-spec, co 
<expr;ce2> = C_ex pression(ex pression, -oeb 
<expr*; ceS> = C_expressionstexpression®,. of@) | 
_ d_type* = Types_ofiexpr*, ce3) 
in 
case d_type 
elem Ldulobj*I3 of D.sod 
then if du=du,.,4)_ 
then let obj = obj* to Obj 
in 
if lategerlexpr, ce) A Includes.alobj. val to-D.type, d_type*) 
then <id_typeSlexpr: expr* JB in Expr; ced>. 
else Bad ex priced) 
else Bad_exprice3) 
else Bad_exprice3) 
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C_expressionL forceltype_specli\ce) »= 
let <d_type;cel> = Cutype_specltype.spec, ce 
ob j* = [(d_type in Val): (type in pate in Ob fr 
-dimod * «= [du,, Cobj*3d | 
d_typel* = any in D_type in D_type* 
d_type2* = d type in D_type* 
d_cond* = [("wrong_type” in Name}(nit in seis inD send 
d_proc = Cproctype (d_typel*) returns (d_type2*) signals (d_cond*)3 
in . FS 
if d_type is Bad 
then Bad_expricel) . 
else <{L(d_mod in Val): (d_proc in D.type)]; cel> 


C_expressionL up(expression) ce) = Let <expr; cel> C_expresston(expression, ce) 
| dtype = Type_oflexpr, cel) 
in - . . 
‘if cecluster A Includes(ce.down, d_type) 
then dLuplce.upKexpr)3 in Expr; cel> 
else Bad_expricel) 
We explicitly include the abstract type in the transformed expression n because it is 


needed to define evaluation. . 


ee byes sone dmccntexgreetleciiloe = let <expr; cel> = C_expression(expression, ce) 
: od_type a Type_oflexpr, cel) 
in. | 
if cecluster A d_type = ce.up 
then. <C downtexpr)] in Expr; cel> 
. dse Bad_expriced - 


om cei tisoek os preicnoarence . 
C_op_call\ Add_get_(name), expression in Expression’, ce) 


Add_get_: Name+ Name . 
Add_get.. seme adds “get_ "to the beginning of the name. 


ethan HERA FS aD Le ons 
t 
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C_ex piecslenben presen exp cents z 


let expression* - SvLaetin oo Sapam! : 


in. cay 
C_op_call"fetch” in Name, expresion* ab 


: BORD Ae Gh Ya oo 


C_expressionL~ expression Ice) ix 


acdsee sails spe are ee. 


C_expressionT- exprestiondice s ; 
C_op_call("minus” in Name, ‘expression in in Expression®, ce) ee 


a 


ea Sb ia 


C_ex pressionLex pression! bin_op. expression2 ice) = 
if bin_op = Base_optbin_op) - a 
then let. cnanennie = , sexpressionl. expression2> in Ex pression” 
An, 
c op call(O p_nametbin.0p expression’, ce) 
else let bin.opl =. =. Base_op\bin_op) 
i bin.opi expression? én Expression 


. in 5. Se 
pose Cex pression ~ exp res on33 fn Expreuon, sin 


3 1g. ge #4 feck eS 


Op_nameL xx] = “power” in Name aa > Kash.te Bin.op.. 
Op_nameL//3 = “mod” in Name pet s £//3 in Bin_op 
Op_namel 7R wm "alvin Name!) 5). > Ban_op lt! 0 Bipen Baap 
Op_namel x3 a “mul" in’ Name 2%.  pase-opl el » Cx}.in Bin_op 
Op_nameL IT = “concat” in Name Base 3 s Cilhin Bin_op 
Op_nameL +] wad" te Name =  Baipepe]. o- Lek in Bin_op 
Op_namé-3 9 w “Sub? m-Matne Paseopl-} = L-] in Bin_op 
Op_namel <<] ow “It” in Mate: Base opi<) ~ & LiGbiin Binop 
Baseopl~<1 = E <3 in Bin_op 
Op_nameL <ul = “le"inName  =—-—s-—sBase_vgl ad WEG Bii_op’ 
es “Ama aiagh SUR edd MBs 
Op_namel=3 = “equal” in Name es ae {Le} in Bin op 
| | Bese wed as CTE Bin_op 
Op_nameL>=] = "ge“inName °° ‘Baseegc ould a! BSB tn Bansop: 
. Base_opl~>a] « €>23 in Bin_op 
Op_namel >I ow “gt” in Name | Baseopf>] -« £>3 in Bin_op 
. | Base_opl~>3 = L>3 tn Bin_op 
Op_namel &I- = “and” in Name Baseopl&] == C&l in Bin_op 


Op_nameLll = “or” in Name Baseopt) = EID in Bin_op 


C_op_calliname, expression*, ce) = Jet. <expr; cel> = C.op_inoiname, expression*, ce) 
. case “expr, 
elem invoke of Invoke 
then if Result_typestinvoke, cel) is Dtype 
"then <expr; cel>- 
else Bad wxpricel) 
else Bad_expricel) 


C.op_inu(name, expression*, ce) = let <expr*;cel> = C_expressions(expression*, ce) 
d_type. = Type.ofiHeadlexpr*),. cel 
expr Ce2> . C_d_oper'Ld_typeBnamel Ti, cel) 

in oe 
C calexpr, Tautexpr, ce2) 


For abbreviated forms of IBY OROM, the exact operation to invoke is determined. 


by the type of the firstargument.. 


C_ex pressionLexpressionl cand expression2H(ce). = 
let <exprl; cel> = C_expression(expressionl, ce) 
- <expr2; ce2> = C_expression(expression2?, cel) 
in bs: 
if Boolean(exprl, ce2) A Boolean(expr2, ce2) 
then <Lexprl cand expr2] in Expr; ves 
else Bad_ ex price2) - 


CL ex pressionLexpression1 cor expression2 ce). = 
let <expri; cel> = _expresstontexpression, ce) 
<expr2; ce2> = C_expression(expression2, cel) 
if Boolean(expri, ce2) A Boolean(expr2, ce2) 
then <Cexpri cor expr2l in Expr; ce2> 
else Bad_exprice2) 


Bodeaneior: ce) = Type_oflexpr, ce)« (Cdu,,., CID in D_type) 
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Sieiatlecpe® ce) = rec if Emptylexpr*) 
then true 
else Besloon Hi cedex”) ce) A | Beolbans(T eilexpr®), ce) 
Integer(expr, ce) = Type_oflexpr, ce) = (Edu,,. rm. in D_type) 
Type_oftob jee) = ob j.4_type 
Type_oflidnIce) = ce.intotian) to D-type 
Typeoftd “ype8eomp* co ‘ yp 
Type of, type$Lexpri expr* Tice) = Laype 
Type_ ofl uptd -typelexpr)Kce) ad ype 
_Type—ofl down(expr) Ice) = cedown . 
Type_ofLexpri cand expr2ZKce) = Cdu,,,, (Jdin Dsype 
T ype_ofkexpri cor expr2Kce) = Cy go; CIN te B.sype 
Type_oflinvokeHce) = Result. typestinvgkse,. 0 0 Daten, 


Types_oflexpr*, ce) = rec if Emptylexpr*) ; 
then nilin D. _type* 
else Cons\T ype_oftHead\expr*),. oe), 
Types_of\Tailexpr®), ce)) 


Result_typesLexpr(expr* Ice) = Rear PTA ce) 


Includes_all(d _type, d_type*) = if Empty(d_type 
' then true 
else Includestd_type, Headtd_type*» A 
Includes_all(d type, Taild type" 
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Include(d_typel*, d_type2*) = rec if Emptyid_typel®) v Emptyd_type2*) | 
then d_typel* = d_type2* 
alse . Includes Head\d. sypel"), . Head(d_type2*)) 
. IncludeT aitt'd_typel*), Tail(d_type2*)) 
The two lists must be the same length and each type in the first list must include 
the corresponding type in the second list.. 


Includes(d_typel, d_type2) = if d_typel is Bad v d_type2 is Bad 
then false 
else if d -1ypel = =d en vd typel is may, 
then true= 
else if dctypets is Routine 
then d_type2 is Diproc v ditype2éis Duiter 
else if d_type2 is Routine a 
then d_typel. is D_proc v d_sypel ts Less 
elsé false - 


The type bad does not include and is not indluded in any type. The type routine 
includes and is included in every procedure and iterator type. . 
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5.56 Equates 


In this section we define the legality: and meaning of equates with the function 


. C_equates: Equate® x CE’ ~ CE 
"We also define the function 
Add_info: Idn x Info x CE + CE 


which is used to define. local identifiers. 


Equates are checked as follows. We define a function domain Perm, consisting of 
permutation functions for the domain Egat That. is, elements of this domain have 
functionality 

Equate* + Equate* 
and each element of | the domain satisf ies 


perm(equate*) c equate* A “equate® c pene A 
Same —sizetequate®, perm(equate*)) 


for all elements of Equate*. To check a list of equates, we e collect ail permutations of the 
Mist that are legal when checked in linear order. If at least ‘one such permutation exists, 
then the equates are legal. The meaning of the equates is then obtained by evaluating one 
such permuted list; since all legal permutations will have the same meaning, the particular 


one we choose does not matter. 


C_equates(equate*, ce) » 
let cel = celfalse e err) 
ce* «= {ce2| Jpermlce2 = E_eguates(perm(equate*), cel) A -ce2.err)} 
in 
if Empty(ce*) 
then celtrue e err) 
else Head(ce*)ice.err e@ err) 


The use of set notation is informal here, as is the use of existential quantification. 
However, it should be clear that one could define a een function to do the 
same thing. 


E_equates(equate*, ce) = rec if. Emptylequate*) 
then ce 
else let cel = E_equate\Head(equate*), ce) 
in 
E cereereattat arate cel) 


EL sauna = constant]\(ce) m let <obj; cel> = COREE nua, ce) 
. in 
Add_infolidn, obj in Info, cel) 


E_equateLidni = idn2Kce) = case ce.infolidn2) 
elem tset of Tset 
then let cel = celCons(idn2, ce.used) @ used] 
. & Ba Lee ag ; ; 
Add_infolidnl, tset in Info, cel) 
else let <obj; cel> = C_constent(idn2 in Constant, ce) 
in | : : : 
Add_infdidnl, obj in Info, cel) 


E_equatelidn = type_setI(ce) m= let <tset; cel> = C_type_set(type_set, ce) 
oe ware 
Add_infolidn, tset in Info, cel) 


The definition of C_type_set is deferred to.section 5.7. 


E_equatelrep = type.specI(ce) = let <d_type; cel> = C_type_spec(type_spec, ce) 
in 
if cedown is Bad A ce.cluster 
_ then celld_type.e down] 
else celltruee@err] — 
The representation type can be defined only within a cluster, and only once 


. within a cluster. 
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Add_infolidn, info, ce) = let cel = cefConstidn, ceased) @used) 
: in iy . 
if ce.infolidn) ts None v —(idn € ce.used) 
then let infomap = ce.infolidn + info) 
| th 
cellinfo_map é info Constiai, = Wels) e Kicals) 
elge celitrdd@ eft} i cia 
An idn cannot be defined locally if it has been tised as ani extetfial reference or if 


it is already defiried locally. 
5.6 Statemeite 


The ma jor functions defined in this section are: 
C_statement. —-Stareiienit CE > Sittin x CE 


C_body. By 7X CE + UH x CR 
C_xbody: _ Deci* x Body x CE + B_type* x Unit x CE 
Restore: OE © C8 1H # CE 


C_xbody is used. to check those tag, when, and others arms in. which, variable declarations 
appear prior to the body. Restore is used to reset the GE at the ai of a scoping unit, and 
to generate a list of all variables aefitied if ditt: weit the arguine i sate thie CEs before 
and after checking the unit, respectively. - i 


Cz joshi aieies statement® Ice) 
let cel ‘Cdgtatestequate®, 
<stmt*; ce2> = + Csi sii, ten 
<idn*; ce3>_ = alae alae ae 
in ; 
<Cstmt* local idn*]; ce3> 


Restore\cel, ce2) = Fix_infolce2.locals, ce2.info, cellce2.uséd @ used}ice2.err @ err) 
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Fix_infolidn*, info_map, ce) = rec 
if ‘Emptylidn*) 
then <nilin Idn*; ce> 
else let idn = Head(idn*) 
<idnl*; cel> = FixinfolTailidn*), info_map, ce) 
in 
if idn € ce.locals 
then <idni*; cel> 
else let infomapl =  celinfalidn © none in Info] 
ce2 = cellinfo.mapi e info) 
in | 
if info_maptidn) is Dtype 
‘then <Considn, idnl*); ce2> 
else <idnl*; ce2> _ 


Only those idns defined local to the given scoping unit are made undef ined, not 


those defined in a surrounding unit. 
Bad_stmt(ce) = <none in Stmt; celtrue e err]> 


C_statements(statement*, ce) = rec ; 
let <stmt;cel> «= Cstatement(Head(statement*),, ce) 
<stmt*; ce2> = C_statements(Tail(statement*), cel) 
in | 
if Empty(statement*) — 
then <nil in Stmt*; ce> 
else <Cons(stmt, stmt*); ce2> 


C_statementideciHce) » <none in Stmt; C_decls(decl in Deci*, ce)> 


Declarations will not cause any immediate action during execution. 


C_decls(decl*, anu rec let Lidn*: type_specd = Head(decl*) 
<d_type; cel> = C_type_spec(type_spec, ce) 
ce2 = Add_infostidn*, d_type in Info, cel) 
in 
if Empty(deci*) 
then ce 2 
else C_decls\Tail(decl*), ce2) 
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Add_infos\idn*, info, ce) = rec if Emptylidn*) 


then ce . 
else let cel . Add_tifed Heredia"), info, ce) - 
in BAe at tenet) ps vies oe ; 


| Add_infor aittidn*), info, cel) 


C_statementLidn: type_spec := expression](ce) = 

let <d_type;cel> = C_type_specitype_spec, ce) . 

ce2 «= Addtnfolian, ditypein infe, ced 
<expr; ce3> = C_expressiontexpression, ce2) 
in 

if Includes(d_type, Type_oflexpr, ce) ne 
then <L(idn in Idn*) sm (expr in gas tira Cte 
else Bad_stmt{ce3) 


C_statementL decl* 5 : invocation Ice) a 
let cel = C_decls(deci*, ce) 
idn* = Delistideci* lidns) to_in Idn* 
in . 
C_statement(Lidn* := invocation] in Statement, cel) 


C_statementLidn* := invocation Mce) = i 
let <d_type*; cel> = Get_declstidn*, ce) 
<expr; ce2> ss =_ C_invocationlinyocation, cel) 
in 
case expr 
elem invoke of Invoke 
then if ~Duplicatestidn*) a Includeldtype®, Result_typestinvake, c2)) 
then <Lidn* :« invoke] in Stn; cee 
else. Bad_stmt(ce2) 
else Bad_stmt(ce2) 


C_statementLidn* := expression* Ji(ce) = 

let <d typel®; cel> = Getdecis\idn*, ce) ee 
<expr*®; ce2> = C. riguaarcak cel) 
d_type2* - Tabes.ofexpr. We). 

in opis 

if ~Duplicatestian*) A. panne ‘dutypez®) ; 
then <Lidn* :# expr*] in Stmt; ce2> 
else Bad_stmt(ce2) . 


Each expression must evaluate toa dagle ob pe 


Get_decls(idn*, ce) = rec 
if Emptylidn*) . 
then <nil in D_type*; ce> 
else let <d_type *cel> = Get declstT. aida, ce 
in 
case ceantotfbeedtidn®)) 
elem d_type of D_type 
then <Céns(d_type,d-type*); cel> 
else <Cons(bad in D_type, ‘d_sype"); cell true'eerr)> 


The idns must be Gerlared variables. 


C_statementLinvocationce) = let <expr; cel>' = cancion avs ce) 
in ot 
case expr 
“elem invoke apf inven 
then <invoke in Stmt; cel> 
else Bad_stmr(cel) 


C.. statementCexpressonl name 8 expression2iKce) = 
let expression® = <expressiont; “ expression2> in Expression* 
<expr; cel> = C_op_inu( Adld_séttndmie), expression*, ce) 
in : ea nn ee 
case expr . 
elem invoke of Invoke 
then <invoke in Stmt; cel> 
else Bad_stmt(cel) 
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Add_set_: Name Name 
Add_set_ simply adds “set_” to ~ Deginning: or thé name. 


CL siaiccu ican cieilen lta eocianss 3m expt 

let expression* = <expressioni; expression2;. expressionS> in Expresion* 
_ <expr; cel> = C_op_inut "it oe Sw, epee”, ee aie 
in 

case expr. 
elem invoke of Invoke 

then <invoke in Stmt; cel> 

else Bad_stmt(cel) 


C_statementUif expression then body elseif_arm* endiice). = 
let bodyl = L(nilin Equant’ (nil in Statement®)]. 
in 


C_statementLif expression then body elseif _arm* bamianti ondce 


C_statementt if expression then bodyi elseif _arm* ae »-bo ody2 svanala a 
let <expr;cel> =. Cee pression(expression, se) ins 
<unitl; ce2> = C_body\bodyl, cel). 
<elseif*; ce3> = C_elseifstetseif_arm*, ce2) 
<unit2;,ce4> #¢ AAT 
in 
if Hobledilescor: cet) A. BooleansCelself* Lexpr, cet) 
then <Lif expr then unitl elseif* elae unit? end] in Strnt; ce4> 
else Bad_stmt(ce4) 


C_elseifstelseif_arm*, ce) = rec 
let Leiself expression then body] = _ Headlelseif_arm*) 


<expr; cel> - Cuan pression(en peasie 

<unit; ce2> | 7 » Cbodxeedy,. cel) 

elseif : | ~ Lelself expr then unit] 

<elseif*; ce3> © C_elseifstTathelseif _arm*), ce2) 
in 


if Emptyselseif_arm*) 
then <nil in Elseif*; ce> 
else <Cons(elseif, elseif*); ce3> 


C_statementL while expression do body endi(ce) = 
let <expr;cel> = C_expression(expression, ‘ce) 
<unit; ce2> = C_bodylbody, celt'true'é Wop) 
ce3 = ce2ice.loop @ loop) oa 
in Pad 
if Boolean(expr, ce3) 
then <Cwhile expr do unit end] in on cede 
else Bad_stmt(ce3) peers, 


Break and continue statements are allowed in the body. 


Cs statementZ.reruraexpresion ice) » 
let <expr*; cel> = C_ ex pressions(expression®, ce) 
d_type* = Types_oflexpr*, cel) 
in . dai | 
if (ce.iter A Emptylexpression*)) v (-ce.iter A Include(ce.results, d_type*)) 
then let expri* = C_cuts(expr*, cel.cvts, cel) 
in 
<Lreturn(expri*)3 in Stmt; cel> 
else Bad_stmt(cel) . 


An iterator cannot return any ob jects. C_£pts is used. to make explicit all implicit 
ups. . 


C_statementl yield(expression* )I(ce) = 

let <expr*; cel> = C_expressions(expressian®, ce). 
d_type* = Types_ofiexpr*, cel) 
in 
if ce.iter A Include(ce.results, d_type*) 


then let expri* = C_evtsexpr*, cel-cvts, cel) 
in 
<Lyield(expri*)3 in Stmt; cel> 

else Bad_stmt(cel) 


_ Only iterators can yield ob jects. 
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C_statement@ signal nameCexpression* Ice) =. oe 
let <expr*; cel> = C_expressionslexpression’,. oH... 
d_type*- = Types_oflexpr®, cel) - =. 
<bool; bool*> = C_siginame, d_type*, ce.sigs) 
in a 
if boot | ee Sat 
then let expri* = C_cutsexprs*, bool®, cel) 
in . F ~e ia an F 
<Lsignat name(exprl*)3 in Stmt; cel> 
else Bad_stmt(ce)) 


C_siginame, d_type*, sig*) = rec 
let <d_cond; bool*> = Head(sig*) 
Enamel(d_typel*}3 = d.cond | 

in 

if Empty(sig*) 
then <false; nil in Bool» 

else if name = namel 
then <Included_typel*, d_type*); bool*> 


else’ Csighwiene, type", Toittsig) =~ 


C_cutstexpr*, bool*, ce) = rec 
let expr = Head(expr*) 


in 
if Emptyexpr*) 

then nil in Expr* 
else if Head(bool*) 

then Cons(Luptce. upKexprd in Ee en . 
else Constexpr, expri*) : 


expri* = C_cutsTaikexpt), Teitbeal®), ce =. - 


pedicel of teyteidl ori. hah cages oS ae ee na ROG apa ENA a Saige OR Ce Be an tr ae 
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C_statementl exit vibacctegiprension la! a 
let <expr*; cel> © C _expressions(expression®, ce) 
. d_type* = Types_oflexpr®,. cel), 
in 
if C_exit(name, d_type*, cel.handles) . 
then <Lexit name(expr*)3:én Stmt;. cel 
else Bad_stmt(cel) 


C_exit(name, d_type*, “ handle!) = re 
if Empty\handle*) 
then false 
else case Head(handle*) 
elem name* of Name* ; 
then —(name € name*) a C_exttiname,, dpe, Taithandle*)) 
elem <name*; d -Fypel"> of D.hand 
then if name e name* 
then: dtype* = dtypel* 
else C_exit(name, appl, Tatthandiet 
elem others of Others © ae 
then false 
end 


Local exits must have carreapondling anaies: th he ren ob jects cannot be thrown 
away, and the types of the results must equal the types of the receiving variables. 


C_statementLbreaki(ce) = if ce.loop 
‘then <break in Stmt; ce> 
else Bad_stmt(ce) 


A break statement is legal only in the body of a loop statement. 


C_statementL continuel(ce) = if ce.loop 
then <continue in Stmt; ce> 
else Bad_stmt(ce) 


A continue statement is legal only in the body of a loop statement. 
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C_statementL begin body endB(ce) = let <unit; cél> = Cz 
} begin unit eh] in Sent; cel> 


C_statementl tagcase expression tag_arm’ ern? . 


let <expr; cel> = Gace a) 
<tag*; name*; d_comp]*; ce2> «= Cte arms(tag_arm*, el) 
namel* = Order\name*, name*) 

in” eri 


case Type_oflexpr, ce2) 
elem Loneofld_comp2* J of D_oneof 
then if namel* = d_comp2*iname A d_compi* ¢ d_tomp2* 
then <Ltagcase expr tag* see EONS — i 
else Bett stmttce® 
else Bad_stmt(cel) 


The name list returned by C_ teg_arms contains every name appearing on an arm; 
the d_comp list contains a name-d.type pair for every. name appearing on an arm 
with a variable. Each tag name must appear-exnedlpende an: some arm, and only 
tag names can appear. If an arm has a variable tio redeive’ the value part of the 
ob ject, the type af ie pracee * must Sa aien the value e type corresponding to every 


tag on the arm. 


C_statemenil tagcase expression tag_arm* others, body endJ}(ce) . = 


_let <expr; cel> = C_expression(expression, ce) 
<tagl*; namel*; d_compl*; ce2> .= C_tag.arms(tag_arm*, cel) 
<unit; ce3> —  Cubody(oady, ce2) 
tag2* . | = Append tagi*, Lothers: unit £ in Tag) 
in 


case Type_ofiexpr, ce3) 
elem Coneofld_comp2*J3 of D_oneof 
‘then if namel* c d_comp2*tname A ~Duplicates\namel*) A 
~Same_size(namel*, d_comp2*tname) A d_compl* c d_comp2* 
then <Ltagcase expr tag2* end] in Stmt; ceS> 
“else Bad_stmt(ce3) 
else Bad_stmt(cel) 


Each tag name can appear at most-onece, but-at least ene tag must be missing. 


C_tag_arms\tag_arm*, ce) = rec 


let <tag; namel*; d_compl*; cel> = _C_tag..arm(Head(tag_arm"*), ce) 
<tagl*; name2*; d_comp2*; ce2> = C_tag_arms(Tailtag_arm*), cel) 
in 
if Empty(tag_arm*) 
then <nil in Tag*; nil in Name*; nil in D.comp*; ce> 


else <Cons(tag, tagl*); Concat(namel*, name2*); Concat(dcompi*, d_comp2*); 
ce2> 


C_tag_armL tag anes body]ce) = 
let <unit; cel> = C_bodybody, ce) 
in 


<Etag name*: unit] in Tag; name*; nil in D_comp*; cel> 


C_tag_arml tag name* (idn: type_spec): body](ce) = 


let deci* = Lidn in Idn*): type_spec] in Deci* 
<d_type*; unit; cel> = C_xbody(decl*, body, ce) 
d_comp* = Get_d. —comps(name®, d_type* to D m8 
in 


<[tag name* (idn): unit] in Tag name*; d_comp*; cel» 
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C_xbody(decl*)Lequate* statement* ce) = 

let cel = C_equates(equate*, ce) 
ce2 C_decls(deci*, cel) 
<d_type*; ce3> = Get_decls(Delist(decl*tidns), ce2) 
<stmt*; ce4> C_statements(statement*, ce3) 
<idn*; ceb> = = Restore(ce, ced) . 


in 
<d_type*; Cstmt* local idn*]; ce5> 


The declarations can make use of the equates in the body. 


C_statementL for decl* in invocation do body endJ(ce) « 
let statement* = Make_statements(decl*) 


idn* = Delist(decl* Lidns) 
statement = for idn* in invocation do body end] in Statement 
body] = C(nil in Equate*) Append(statement*, statement)] 


in 
C_statement(L begin bodyl end] in Statement, ce) 


Mahke_statements(decl*) = rec 
if Empty(decl*) 
then nil in Statement* 
else Cons(Head(decl*) in Statement, Make_statements(T ail(dect*))) 


C_statemeniL for idn* in invocation do body endIce) = 
let <d_type*; cel> = Get_declsidn*, ce) 
<expr; ce2> = = ~C_iter_inu(invocation, cel) 
<unit; ce3> = C_body\body, ce2ltrue e loop)) 
cet. = ce3{ce2.loop @ loop] 
in 
casé expr 
elem invoke of Invoke 
then let Lexpri(expr*)] = invoke 
in 
if Include(d_type*, Yield_types(Type_oflexprl, ce4))) 
then <Lfor idn* in invoke do unit end] in Stmt; ce4> 
else Bad_stmt(ce4) 
else Bad_simt(cet) 


C_iter_inul ex pression (expression* Ice) = 
let PRD cel> = C_expresston(expression, ce) 
<expr*; ce2> = C_exprassions\expression*®, cel) 
d_type* = Typessoflexpr®, ce) _ 
in. | | 
case Type_oflexpr, ce2) 
elem Citertype (d_typel*). yields (d_sype2* ) signals (d_cond*)3 of D_iter 
then if Include(d_typel*, dtype") 0 C_d_conds\d_cond", ce2. handles) 
“then LLexpr(expr*)] in Expr; = 
else Bad ~exprice2) se 
else Bad_exprice2) 


' For an iterator invocation to be legal the » arguments must tbe of the correct types 
and all exceptional conditions that can be raised must be legal with respect to the 
surrounding handlers. nce hes ae a 


Yield_types(d_type) «=. | 7. : 
case d_type - 
elem Citertype (d _typel*) yields ss gl signals (d_cond* )3 of steal 
then dz atype2* 
end 


C_statement[ statement except when_arm* endi(ce) «= 
let <catch*; name’; handle*; cel> = C_wh¢n_arms(when_arm’, ce) 


ce2 | em sell Concatthandie*, ce.handies) @ handles] 
<stmt; ce3>__ ae” C_statementistatement, ce 
cet = ceSlee,pandies @ handies) 

in 


if —Duplicates(name*) 1”. Coa-goned Fad, handte®) 
then <Lstmt except catch® endJ. in Swnt;, cat> 
else Bad_stmt(ce4) 


The name list returned by Cwhen_arms contains every name. appearing on an 
arm, the handle list contains an element for every, arm. A given excepen name 
can only be listed once in an except statement, An, “exception can be listed even 
if the exception cannot occur during evaluation. The failure exception can be 
raised at-any time, and must-te legal with: respect to every except statement. 
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C_statementL statement except when_arm* others_atm eridii(ce) eo 
let <catchi*; name*; handlel®; cel = ©. “when araniien arin’, ee) 


<catch; ce2> = C_otherh. 

catch2* . 

handie2* oo. Append\handiel?, others in Handle) 
ce3 | - ce2Concatt handled ‘eodhatidiie @ Hendies] 

<stritt; ¢e4> eG eke ee 

ced 


in ee 24 £2 
if ~Duplicates(name*) n C_d_cond\ Fail), handw*y 
then <Lstmt except catche? end in Sete oe 


* else | Bad stM@Q@ i ne ae: 
Fail) a ae name a - “aihare® tx Name i 
dtype* = Edu, ,,4n, C30 in Dtype in D.sype® 
in 


Ename(d_type*)3 
C_when_armswhen_are®, Ge) «° ree ees S 
let <catch; namel*; handle; cel>  « C_when_arm Head when_atei®), cé) 
<catch*; name2*; handle; ce2> = C_when.arms(Taihwhen_arm®), cel) 


ba Fy Si 


in 
if Emptylwhen_arm Py 
then -snil in Catch* pil in Name*; nlf in s Hanatety: ce . . 
else. “ <Consicatch, ete) Concatnang®, name2*); Consthandle, gianni ce2> 
C_when_armE when nameé* (aeci*: body Ice) 
let <d_type*; unit; cel> = C_xbedyidecl*, body, ce) 
handle . = crite’; d_typ ' 
idn* a DallikaedP dad’ 7" 


in 


<b when pame* dnt undtditn Catchy, name’; teividie; cele © 


C when arniLwhen name* (3): bodyice) = 2 

ee let unit ‘Cel> = ney ce) oF og, Ge ae 

NOS pp : ? ‘ 
dobskas on wid eesen: name’; name. tn Handle; cel> 


C_others_armLothers: bodyI(ce) = det <unit; cel> = C_body(body, ce) 
in 
<Lothers: unit] in Catch; cel> 


C_others_armLothers (idn: type_spec): bodyI(ce) = 


let deci* = [idn in Idn*): type_specl in Decl* 
<d_type*; unit; cel> = C_xbody(decl*, body, ce) 
catch = Lothers (idn): unit in Catch 
in 


if (d_type* to D_type) = ([du +, ing £10 én D_type) 
then <catch; cel> 
else <catch; celltrue @ err]> 
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The major functions defined in this section are: 
Derive_specs:  Full_modute® hrc sais ar ee 
_ Same_s pec: —— ee wee) Tet 


rtaegids 


Interface specifications. ere ciao ry a coe manner. Wie. the existing 
interfaces for the abstractions being implemented are collected, and bid special interfaces — 
type and routine are instatled. THi-kh’ ‘debirhat nel! bal’ aside 9 artes ‘site derived 
from each module. The external and internal interfwcis are idntical for a rautine; the 
internal interface for a ‘cluster contains the interfaces of all cluster routines, while the 
external interface contains only the interfaces of the primitive eperations. The external 
interface of each module is checked against the interface for the corresponding abstraction, 
if that abstraction has an interface. After afl interfaces are derived, the external interfaces 
are installed; the iriternal interfaces are returtied for use Wien checking the modules in 
their entirety, as defined in the next section. . | 


Davives specs\f ull_module*, ce) » | ' 
let du_spec* = Get Ganere ee eer co m . 
cel = Init_specs(full_modute*imoduile, ce) 
in 


Get_specs(full_module®, du_spec*, cel) 


Get_du_s pecs(module*, ce) = rec 
if Emptymodule*) 
then nil in DU_spec* 
else let duspec* = Get_dusp dteleptiu, ce) 
idn = Get_mod.tin(Headinodule") | 
in 
case ce, infotidn) 
elem du fDU 
then Cons(ce.specs(du), ‘du_spec*) | 
else Cons(none in DU_spec, du_spec*) 


Get_du_specs collects the. omine interface . each nbaracton 


Init_specs(module*, ce) w= rec 
if Empty(module*) 
then ce 
else let cel = Init _specs(T aittmodule*), ce) 
ida = Get_mod. aithredatinan © 
in 
if Head\modute*) is Cluster 
‘then New_speclidn, type in BU_spee, cel) — 
else New_spectidn, routine in Dee — 
Init_specs installs the special Interfaces. , . 


Get_mod_idnll procedure] = procedure.idni 
Get_mod_idnliterator] « iterator.idn! 
Get_mod_idni cluster] = cluster.idnl = 


New. spelid, du_apee, ce) = case ce. infolidn) 
elem du of DU 
then let spec_map = cespecsidu ¢ du_spec) 
| a ae : 
celspec_map @ specs] 


else celtrue e err] 


Get_specs(full_module*, du_spec*, ce) = rec 


let Lequate* module} “ Headifull_modute®) 
cel = C_equatestequate*, ce) 
educsuecii du_spec® ceky * CL tpectiibitete, eb 
ce3 2° Get te ert wert - 
<du_specl*; cet> “ Cusp aul nol, Fettituspec*), ce3) 
ced : med idriioniie,’ das 
du_spec2* - Considu_spech, dua ; 
if Empty(full_module*) eee Pa eG) PT RAGS 


then <nil im Dkkcmpes*; cer 
else if Seis speleadiiu seu. du_spec2) 
then <du_spec2*; ce5> 


else <du _Spec2*; ceSl true e@ err]> 


Get_specl procedureH(ce) = let. <r apes; taba. 9, f | 


The first du_spec returned by Gel_spec is ‘the internal interface; the second 


Wek: 


. du _spec is the external interface. Rats inal the sera interfaces and 


returns the internal interfaces. 


re ip Routine, ce) 


: oe 
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Get_specLidnl = cluster Cdeci*] is idn* where restriction® 


equate* 

routine* 

end idn2I(ce) = 

let cel ; = Set_op_names(routine*, celtrue e cluster)) 

ce2 = Cudefstdecl*, equate’, cel) 
ce3 -— = C_restrictions(restriction®, ce2) 
‘idn* = Delist(decl*lidns) —” 
d_parm* = Get_d_parms(idn*, ce3) . 
cet » Add_up_typéidnl, idn*, ce). 
<op_specl*; ceb> = Get_op_specs(routine*, idn*, ced) 
op_spec2* = Get_ext_specs(op_specl®, idn*) _. 
op_spec3* - «= Orderlop_spec2*iname,, op_spec2*) 


in 


<[{d_parm*J; op_specl* J in DU_spec; [Ld_parm*1: op_spec3*3 in DU_spec; ce5> 


Set_op_names(routine*, ce) = rec 
if Empty.routine*) 
then ce 
else let idn = Getuop_idn(Head(routine*)) 
cel = Add_infolidn, routine in Info,. ce) 
in : a 
Set_op_names\Tail(routine*), cel? 


Get_op_idnll procedure] = procedure.idnl 


Get_op_idnliterator] = iterator.idnl 
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Add_up_typelidn, idn*, .ce) 
if Emptytidn*) 
then let <d_type;cel> = C_type_speclidn in Type spe, 9@ 
in 


celld_type @ upitnil in Ob fF e e paral 
else let constant* — = Meda sto ta.jn ‘Constant* 


ab: Ue 


<d_ ype: cel> = = C_type_spedt Lopnsti ’ 
<obj*; ce2> = C_constqnts(co wn <a 
ra eae 3 
ce2{d_type © upliob ft e parr) sh 
Make. constants(idn*) " te 9 Binpeytin®? ; 
thin tilt int Condtani 
else Const Headtidn*) in Constant, 
“ Makebenstent tT cai) 
Get_op_specs(routine*, idn*, ce) = reo a 
let <r_spec; cel> = Get sp Head oie, ce) 
[ld_parmi*3: d_typed = r spec 
name = Me 
d_parm2* ae Fshespeoneg ev mene 
d_parms* = Concatd_parm2*, dps") 
op_spec = Cramelid2pacn® 3) a ipped >” 


<op_spec*; ce2> - nT ec ine _oeloeLerr e ered 
in 
if Emptyroutine*) 
- then <nilin Op_spec*; ce> 
else <Cons(op_spec, op_spec*); ce2> 
The interface of each cluster routine is first derived essentially as if the routine 
were a module, and then the d_parms for the cluster parameters are added to the 


interface. 


Get_ext_specs(op_spec*, idn*) = rec 
if Emptylop_spec*) 
then nil in Op_spec* 
else let Cnamefd_parm*}: ype] = Headtop spec?) 
in 
if Make_idniname) € idn*. — 
then Cons(Headlop_spec*), Get_ext_specs(Tailtop_spec*), idn*)) 
else Getext_specsT aillop _spec*), idn®) 
The check that each idn names an. operation, and that no idn is listed twice, is 


made later as part of the check of the entire module. 


Make_idn: Name > Idn 
Make_idn returns the idn corresponding to the given name. 


Get_r_ petal = proc Cdecll*] (deci2*) returns (type_spec*) signals (cond _spec*) 


where restriction* 

equate* 

statement* 

end idn2D(ce) » 

let cel = C_defs(decil*, equate*, ce) 

ce2 = ¢. _restricttons(restriction®, cel) 
d_parm* — = Get _-d_parms( Delistidecil* Lidns), ce2) 
ce3 = C_head_decls(dect2*, ce2) 


' <d_typel*; ced> = Get_decls(Delist(deci2*tidns), ce9) 
<d_type2*; cei> = C_head_types(type_spec*, cet) 
<d_cond*; ce6> = C_head_conds(cond_spec*, ce) 
<d_type; ce7> = C_proc_typeld -typel*, d.sypee", 4. _sond®, ce6) 
name - = Make_nameidnt) 
in: | 2 
<Enameld_parm* J: Rak ce7> 
Get_r_spec is used for all procedures and iterators, inclyding cluster routines. 
The use of cvt is controlled by a flag in the CE. The environment is not 
restored at the end so that any restrictions on cluster parameters imposed by the. 


routine can be collected by Get_op_specs. 
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Get_r_specLidnl = iter Cdecll*] (decl2*) ylelds (typespec*) digmats teond spec") | 
where restriction® = 


equate* 
_ statement® 
end idn2Kce) = 
let cel = Cidefsidecil*, equate*, ‘Ce 
ce2 a Curesinicttonstrestriction®, cet) 
d_parm* = Get _d_parms(Dehsithech® lida, an 
ce Caled eee mr 


<d_typel*; cet> = Getcdecdstalistdectt* sidns),.ce8) 

<d_type2*; ceb> = C_head_types(type spec*, ce4) 

<d_cond®; ce6> = C_head_conds(cond_spec*, ced). . 

<d_type;ce7> = C_iter_typed_typel®, d_sype2*, ‘d.sond*, 8 

name - Make_namdidnt) " 
<Lname(d_parm*]: d_type}; cel wae 


C_defsideci*, equate*, ce) = 
let cel = celfaise e err] 
ce* = {ce2| 3equatel*, equatez®, pera, 


Concatiequatel®, eer A 
ce = Sana ‘deet*, / equate?®, cel) A 


in 
if Empty\ce*) 
then celtrue e err) 
else Head(ce*\ice.err ®. err) 
Since parameter declarations can » inveten eqped. identifiers, we treat the list of 
declarations essentially as a single eee and took for a _— ania of all 


equate 


. C_defslequatel*, dect*, equated", ce) = let cel = _Coaquatesequatel® ce) 
ce2 = C_parm_dedistdec!*, cel) 
ig 


| Coanihapat a 


ob BAST ha ee Ae ee ST ek nt RR ee ate ae ae, ee eee eee ewe a ean Ne cee emcee sae Meee te eee gen wa ace ea ear ge ee Se kee ane ae, 


_C_parm_decls(deci*, ce) = rec 
let Ea Rene = Headidecl*) 
cel perm decades, ce) 
in 
if Empty(deci*) 
then ce 
else if type_spec is Type 
then Add_infostidn*, nil in Op_dect* in Info, cel) 
else let  <d_type; ceQ> = Ciype_speclype dpe, cel) 
in 
case divine 
elem Cdulobj* 3 of D_mod. eo ak 
then if du ¢ <dUnut) 7 DUy 50) i BUint ; du Ureat ; nay ss GU, tring > 
then Add_infostian*; d.sype-me He Oenmee: ‘tn Info, ce2) 
else cealtrue © err} gS 
else ceAl true @ e@ err) ; 


Get_d_parmsidn* , ce) m rec 
let idn = Head\idn*) 
‘diparm* = Get_d_parms(Taikidn*), ce). 
if Emptylidn*) 
then nil in D_parm* 
else case ce.infotidn) 
elem op_deci* of Op_deci* 
then Cons(Lidn: (op_decl* in Constraint), paca 
elem constraint of Constraint 
then Cons(Gidns constraint,.d.parm*) 
else Cons(Lidn: (bad in POE in Comte, _d.parm*) 


C_restricttons\restriction®, ce = ree 
if Empty(restriction*®) — 
then ce 
else let cel = C_restriction(Head(restriction*), ce) 
in 
C_restrictions(T ail(restriction*), cel) 
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C_restrictionLidn has oper_deci*Kice) » 
let <op_decl*; cel> = C_oper_decls(oper_dect”, ced — 
Add_op_decls(idn, op_decl*, cel) 


C_restrictionLidn in type_set(ce) = 


let <tset; cel> = C —fype_set\type. set, ce) 2 
Lidnl has op_decl*} =‘ tset 
ob j = Elidt in Dtype in Ved: iecte wise 
op_decll* = Substiobdj in Qbj*, idnl in Idn*, op_deci*): 
in ye ete 


Add_. epee ian, op_decil*, cel) 


C_type_ sett Gidnh Jidn? ‘has oper sect’ envi Yeo. . 


let cel = Add_infolidnl, nif da paper otf ce) 
ce2 = Clequatestequate*, ce) es 
<op_deci*; ce3> = C_oper_decls(oper_deci*, ce2) 
info = op_deci* in Constraint in Info 
ce4  . pada info, celceS.ers eerr}): 
ced = C_equatesloquate®; c##b 8 


<op-decil*; ce6> = C_oper_.decls(oper_deci*, ce) 
tset Cidnl has op_decil*3 
<idn*; ce7> = Restore(ce, ce6) 
in 
if idnl = idn2 

then <tset;: cel> 

else <tset; ce7{ true e err)> 

A typeset is treated much Jike a module heading. First the oper_decis are 


evaluated assuming the dummy parameter has any ‘and al Operations, and then 
the oper_decis are rechecked with complete informatiqn ahewt the operations. . 


C_type_setLidn ce) = let cel = celCons(idn, ce.used) @ used] 
| in , 
case ce.infotidn) 
elem tset of Tset 
then <tset; cel>s 
else <Lidn has (nil in Op_deci*)]; ceiltrue e err)> 


C_oper_decls(oper_deci*, ce) = rec 
let Loper_name*: type_spec] = Head(oper_deci*) 


<d_type; cel> = C_type_spec\type spec, ce) 
<op_decil*; ce2> = C_oper_names(oper_name*, d_type, cel) 
<op_decl2*; ce3> = C_oper_decls(Tailloper_deci*), ce2) 


in ; 
if Empty\oper_deci*) 
then <nilin Op_decl*; ce> 
else if d_type is D.proc v_ d_type is D iter 
then <Concatlop_decil*, op_deci2*); ce3> 
‘else <op_deci2*; ceStrue e err]> 


C_oper_names(oper_name*, d_type, ce) = rec 
let CnameLconstant*]2 ‘= Headloper_name*) © 
<ob j*; cel> = C_constants(constant*, ce) 
op_decl = Cnamelobj*]: d_typed . , be 
<op_deci*; ce2> = C_oper_names\Taioper_pame*), d_type, cel) 
if Empty(oper_name*) 
then <nilin Op_decl*; ce> 
else if L_parms(obj*, ce2) fe. 
then <Cons(op_decl, op_deci*); ce2> 
else <op_deci*; ce2 true e err)> 
References to type parameters and to thé abstractions being implemented are not 
allowed in the evaluated constants of restriction oper_jiames. L_parms performs 
__this check. 


98 


Add_op_decls(idn, op_deci*, ce) = 
case ce.infolidn) 
elem op_decil* of Op_decl* 
then let info_map = ce. einfakdn © Conan, ‘opdecii*)) 
in. ee ae at 
celinfo o_map e info) . 
else celtrue e err] 


C_head_decls(decl*, ce) = ree 
if Empty(deci*) 
then ce . 
else let Lidn*:.type_specd = Head(decl*) 
<d_type; cel> = C_head_typettype_spec, cob 
ce2 = Add_infosidn*, ¢_type in Info, cal) 
in : 
C_head_decls(Faiidect*), ce2). 


C_head_types(type_spec*, ce) = rec 
let <d_type; cel> = C_head_typelHead\type_spec*), ce) 
<d_type*; ce2> = C_head_typessT aiktype_sper*), cel? 
in Sy 
if Empty\type_spec*) 
then . -snit in D.type*; 3. Ce> 
else <Constd _type, d_type*); ce2> 


C_head_type\type_spec, ce) = if type.spec is Cvt A’ ~(ce.up és bed 
then <ce.up; ce> 


else C_type_specitype_spec, cey 

Cvt is permitted as a top-level type specification. jo. declaring arguments and 

resulta (including yield and. signal remuke) of chaser poytines.. When deriving 
_ interfaces, evt is replaced by the abstract type. _ | 


C_head_conds(cond_spec*, ce) = rec 
let Tname(type_spec*)I = Head(cond_spec*) — 
<d_type*; cel> = C_head_types(type_spec*, ce) 
' d_cond 7 = Cname(d_type*)3 
<d_cond*;ce2> = CL. hendcondt lcd sp”, cel) 
in 
if Empty(cond_spec*) 
then <nilin.D_cond*; ce> 
else <Cons(d_cond, d_cond*); ce2> 


_ Same_spec(du_specl, du_spec?) » 
if du_specl is R_spec A du_spec2 is Rispec 


then Same_r_spec(du_specl to R_spec, ‘du_spec? to R sped” 
else if du_specl is T_spec A du_spec2 is T_spec 


then Same_tispec(du_speci to: T_spec, canta Tispeo . 
else du_specl is None 


The first argument is the interface from the aa: the second argument is ane 


derived interface. 


Same_r_speclr_specl, r_spec2) = 
let Cld_parmi*1; d_typel] 
CLd_parm2*): d stdgced 


ve 
Hii 
= 


idni* 

constraintl* = dparmi*seonstraint 

idn2* . ~ d_parm@*didin 

’ constraint2* = Replace(idni’, idn2*, apart constraint) 


in 

if Same_sizeidnl*, idn2*) 

then Same_constraints(constrainti*, -eonstraint2*r A 
— d_typel = Replacelidni*, idn2*, d_type2) 

else false 


Replace: /  Idn* x Idn* x DD - o% 
Replace is defined for all domains D. Replace does a simple substitution in the 
third argument, replacing each occurrence of an idn from the second list with the 


corresponding idn from the first (the two lists must be of equal length). 


Same_constraints(constraintl*,, constraint2*) = rec 
if Empty(constraintl*) Vv Empty.constraint?*)_ : 
then constraintl*® « constraint?* 
else if Same _constraints(T alconstrainit), ‘Falleansraina) 
then case Head(constraintl*) — : 
elem op_decil* of Sp net 
then case Head(constraint2*) 
elem op_deci2* of Op_deci* 
then op_dectl* c op_deci2* n op decid ¢ op.seci* A 
Same_sizelop_decii*, men? 
else false : 
else es «  Hecdeonarain 


else false 


Corresponding type ficenous must hava ieetitice ssc trengh the order in 
which the op_decls are listed in agin Other’ —e parameters 
must bé-of the same type. - eae 


Same_t_spec(t_specl, tspec2) = 
let UCd_parml*]: op_specl*3 = t_specl 
CLd_parm2*1: op.spec2*3 = t_spec. 


idni* = d_parmi* didn: 

constraintl* = duparni* Leoristraint 

idn2* = duparind* bidn 

constraint2* = Replécastidnl*; idn2*, d_parm2*tconitraint) 


if Same_sizelidnl*, idn2*) 
then Same_constraints(constraintl*, constraint2*) A 


Same. -op _specstop.spetl®, Kauai 
else false 
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Same_op_specs(op_specl*, op_spec2*) = rec 
det [Enamel€d_parmi*]: d_typel]. = Head(op_speci*) 
Lname2ld_parm2*1: d_type23 = Headtopispec?*). 
in . j 
if Emptylop_speci*) v Emptylop_spec2*) 
then op_specl* = op_spec2* 
else namel = name2..a . 
Same_r_s pecEldaparml*): a epalk Ed parm2* 3: d.sype2D A. 
Same ARPT ANP FRE Ns ncemaoula : 


i warmaten yt j* F ee) ree if Emptylobj") 
then true 
else if L_parms(Tativob i, eo . : 
then let Lvals dtypel. =. Head(ob|*) 
in 
if dtype is Type 
then Ltypelval to D_type, ce) 
else: true’ 
else false 


Illegal references can occur only in types. 


102 


L_type(d_type, ce) = 
case d_type 
elem Crecordid_comp*]3 of D.secord 
then L_types(d_comp*id_type, ce) 
elem Loneofld_comp* I of D_oneof 
then L_types(d_comp*id_type, ce) 
elem Lproctype (d_typel*) returns (d_type2*) slgide teaming D:proc . 
. then Lutypestd sypet* ce) a Ea nypasid type2?, ge: A a 
L_types(Delisttd cond*pd-syped, eek 
elem Litertype (d_typel*) returns (d_type2*) signals (d.sond* ” of Die 
then L_types(d_typel*, ce) A L_typesd Sypee*, wa a 
. L_types( Delist(d_cond*td Ape, ce — 
elem Cdulobj*]3 of Dmod 
then —(ce.speestdu) ts Typed L perma ce? 
elem idn of Idn 
then false 
else true 


Formal type parameters and instantiations of the (data) abstractions. being 


sl ae are illegal. 


LL typestd _type*, ce) = rec if Empty(d_type*) 

| then true 

else ee ce) A 
L_types\Taikd_type*), ce) 
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The ma jor function defined in this section is: 
Compile: _ Full_module* x Info, sap.x Library > Library 
The domain Spec_map was defined in section 8.1. The domain Library és defined as: 


Library: specs: Spec_map x imps: lmps_map. 
Imps_map: DU — Imp* 
The domain Imp is defined in the next chapter. . 


To check a set of f ull_modules, we first Gerive ihterfaces as defined in the previous 
section. Then each module is checked in its entirety. as follows. For procedure 3 and iterator 
modules, the formal parameters are bound. to: their. constraints as listed in the internal 
interface, and the header is reevaluated to ensure that the: ‘interface is consistent. The body 
of the rautine is then checked. For cluster modules, the formal cluster. parameters are 
bound to their constraints and the idns naming cluster routines are bound to the interfaces 
for those routines; then each routine is checked, as for procedure and iterator modules. 


Compile(full_module*, info_map, library) = 

det cel = Createcetinfo_map, library.specs? 
<du_spec*; ce2> = Derive_ specs(full_modute®, cel). 
<mod*; ced> = C_fudll. midd test Full 5 ute’ aca ce2) 


in 

if ceS.err 
then library 3 
else <ce3.specs; Add_imps(mod*, litrary.imps)> 
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Add_imps(mod*, imps.map) = rec 
if Empty(mod*) 
then imps_map 
else let du = mod_form] = Head(mod*) 
imp : = Meaningimod_fornt 
imp* = Constimp, imps_map(du)) 
in 
Add_imps\Tailimod*), impsmapide — imp*)) 
Meaning is defined in the next chapter. 


C_full_modules\full_module*, du_spec*, ce) = rec 
let Cequate* module] = Head(full_modale*) 


cel = C_equatestequate*, ce) 
ce2 - Install_specHead(du_spec*), cel) 
“<mod_form;ce3> = C_inodulenedute, ce2) 

du: = Get_dudGetmodsdn(rmoduted, on 
med = [du = mod_form3 

ce4 = celce3.err @ err] 


<mod*; ce5> ~ C_full_modules(Tailfull_modute), Tailidu_spec*), cet) 
if Empty\full_modute*) 

then <nilin Mod*; ce> 

else <Cons(mod, mod*); ce5> 


Install_s pecLLd_parm*): dtypelce) = Add_parmsid_parm*, ce) 
Install_specLid_parm*]: op_spec® Kee). = Let cel =. Add_.parms(d_parm*, ce) 
in 


Add_ops(op_spec*, cel) 


Install_specLroutineHce) = Install_specltypelice) = 1, 


The special interfaces exist only when deriving interfaces. 


Install_specE nonel(ce) = ce 


Get_dulidn, ce) #. case ce.info(du) 
elem du of DU 
then du 
else du, 


It is an error if the idn does not name a DU, ‘but the error is pcaughe elsewhere. 


Add_parms\d_parm*, es = rec 
if Empty(d_parm*) 


then ce 
else let Tidn: constraint] = Head(d_parm*) . 
cel = Add_infoidn, constraint in Info, ce) 
in 


Add_parms(T ailld_parm*), cel). 


Add_opstop_spec*, ce) = rec 
if Emptylop_spec*) 


then ce . 
else let erated! d.type] = Head\op_spec*) 
idn « Mekaidainme 
r_spec = Eld_parm*y; dtyped, 
cel = Add_infolidn, rspec in Info, ce) 
in 


Add. -ops\T ailtop_spec’), cel) 


om module procedurel\ce) . let <op_form; cel> = C_routinel procedure in Routine, ce) 
in. 


<op_form in Mod_form; cel> 


C_moduleLiteratorI(ce) = let <op_form;cel> = C_routine(iterator in Routine, ce) 
. in 
<op_form in Mod_form; cel> 
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C_moduleLidn1 = cluster Cdecl*] is idn* where restriction* 


equate* 
routine* 
end idn2I(ce) = 
let idn* = Délistidect*lidns) — 
cel = Add_up_typelidni, idn*, celtrue e cluster) 
ce2 = C_equates(equate*, cel) me 
ce3 = L_parm_decls(decl*, ce2) 
ce4 = L_restrictions(restriction*, ce3) 
ced = Eraselidn*, cea) 


<oper*; ce6> = C_routines(routine*, ce5) 

mod_form = LelusterCidn*} oper* end3 in Mod_form 

in Pa 

if idnl = idn2 A ~(ce2.down is Bad) A -Duplicatestidn*) a idn* c oper* tidn 
then <mod_form; ce6> . 
else <mod_form; ce6{true e@ err]> 


A rep equate must occur in the list of equates. The cluster parameter bindings 
are removed before checking the routines; new bindings for these parameters are 
obtained from the interface of each routine. 
Eraselidn*, ce) = rec if Emptylidn*) 
then ce 
else let info_map = ce.infolHeadlidn*) + none in Info) 


in ? 
Erase(Taillidn*), celinfo_map e info)) 


C_routines(routine*, ce) = -rec det routine = Head(routine*) 
idn = Get_op_idn(routine) 
cel = Installop_spectidn, ce) 
- ‘<op_form; ce2> = C_routineyroutine, cel) 
oper - = Eida-sopforrm) — 


<idn*; ce3> = -Restorece, ce2) . 
<oper*; ce#> = C_routines(Tatlroutine®), ce3) 
in 
if Emptylroutine*) 
‘then. <nil in QOper*; ce> 
— dse_-<Constoper, oper*); ce4> 


Install op_spectidn, ce) = case ce.infolidn) _ 


_ dem. CLd_parm*]; d_type} of R_spec 
then Add.parmsid_parm*, ce) 


else celtrue @-err) 


L_parm_decls(decl*, ce) = rec 
if Empty(decl*) 
then ce 
else let Lidn*: type.specd = Head(deci*) 
| in ; 4% 
if type_spec is Type 
then L_parm_decls\Taikdect*), ce) 
else let <d_type; cel>. = C_typespecitype_spec, ce) 
in 
L_parm_decls\Taildeci*), cel) 


The type specifications used to declare paramere’: are. rechecked: ‘solely to gather 


uses of external references. 
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C_routineLidnl = proc Cdecti*3 (deci2*) returns (type_spec*) signals (cond _spec*) 
where restriction® 


equate* 
statement® 
one eee s 
let cel ‘= celfalse e@ iter](Cons(idni, ce.used) @ used) 
cez = C_equatestequate®;* cel) 
ce? . = Liparm_decis(dectl*, ce2) 
<expr*; ce4> = C_cut_declsidect2*, 023) 
<d ype"; ; bool’; ceb> = C_cot_types(type_spee*, cet) 
<sig*; ce6> = C_eut_condstcond_spec*, ced) 
sigi* = Appendsig*, <Faild; false in Bool*>) 
ce? a oo restrictionstresttiction®; by 
ce8 = ceXd_type* e resultsil Boo? e cvtslisigi* e sigs) 
idnl* = Delistidect*tidns) ~~ 
idn2* = Delist(dect2*tidns) 
<stmtl*; ce9> = C_statements(statement®, ce8) _ 
stmt2* = Cons(Lidn2* := expr*3 in Stmt, stmtl*) — 
stmt3* = if Emptyitype_spec*) 
then stmt2* 
else Append(stmt2*, 
Creturn(nil in Expr*)3 in Stmt) 
<idn3*; cel0> = Restare(ce, ce9) eee AES Mae 
unit = Cstmt3* local idn3*3 
op_form sm Eroutine fidnl*] Ganz?) unit ‘end? 


in 
if idnl = idn2 
then -<op_form; celQ> 
else <op_form; cel0(true e err)> 


C_routine is used for all procedures and iterators, including cluster routines. The 
use of cvt is controlled by a flag in the CE. In checking the argument 
declarations, a multiple assignment is constructed to make explicit all implicit 
downs. During execution a formal argument declared with cvt initially will be 
assigned an object of the abstract type, and then is reassigned an object of the 
representation type when the multiple assignment is performed. 
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C_routineLidnl = iter Cdecti*] (deci2*) yields (type_spec*) signals onde? 
where restriction® 
equate* 
statement* 
end idn23ice) «= 


t 


let cel = celtruee iter Cons(idni, ce.used) @ used) 
ce2 = C_equatestequate*, cel) 
eS = L_parm_decls(decii*, ce2) 
<expr*; ce4> = Clevtdecisideci2*, ce8) 


<d_type*; bool*; ce5> = C_cut_types(type_spec*, cet) 


<sig*; ce6> = C_cvt_conds(cond-spec*, ced) 

sig1* = Append sig*, <Fail); false in Bool*>) 

ce? = L_restrictions(restriction*, ce6) 

ce8 = ceTd_type* @ resuttsKbool* « cetelaigh e sigs] 
idni* = Delistdeci*didn) 

idn2* = Déelistdeci2*sidns) 

<stmtl*; ce9> = C_statementitstatement®, ce8) 

stmt2* = ConsCidn2* ie expr*3-m Stmt, stmti*) 

stmt3* = 


<idn3*; cel0> 
unit - 
op_form 


Append stmt2*; Creturn(nil in Expr* 4 in Stmv) 
Restore(ce, ce9) 
Lstmt3* local idn3*J 

Croutine Cidni*] Gidn2*) unit end} 


in 
if idnl = idn2 
then <op_form; cel0> 
else <op_form; celO{true e err]> 


L_restrictions(restriction*, ce) = rec 
if Empty{restriction*) 
then ce 
else let cel = L-pestrtton Head etrction”, ce) 
in : 
L_restrictions(T ail(restriction*), cel) 


Ho 


L_restrictionLidn has oper_decl* te) = 
let <op_decl*; cel> = C_oper_dects(oper_deci*, ce) 
in 
cel 


The check that. the idn is a type parameter,» was performed when deriving 


interfaces. 


LerestrictionCidn in type_setI(ce) = let <tset; eel> = C_type_setltype.set, ce) 
= in ; re Pete sg : ‘ 
cel 


C_cut_decis(deci*, ce) = yee. 
let Lidn*: type spec}. = = Head(deci*) 
<d_type; bool; cel> = C_cut_typeltype:spec, .ce? 
ce2  w Add_infoslidn’,. dtypein Info, cel) 
exprl* =. Getexprstidn*,..bood 
<expr2*; ce3> ‘= Ctvt_decls\Teikdect"), ce2) 
moo. 
if Empty(deci*) 
then <nilin Expr*; ce> 
else sBoneatlex piss expr2*); ce> 


Get_exprs(idn*, bool) = rec if Emptylidn*) 
| then nil in BABE: 
else let expr* «= Get_exprstTaittian®), bool) 

expr = Headtidn*®) in Expr 

in 

if bool — 
then Gonigaavietnee st in Expr, expr®) 
else Constexps, .expr*) . 
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C_cut_types(type_spec*, ce) = rec | 
let. <d_type; bool; cel> == C_cut_typel Head\type_spec*), ce) 
<d_type*; boal*; ce2> = C_cut_types(Taitype_spec*),. cel), 
in _ 
if Empty(type_spec*) 
then <nilin Dtype*; nilin Beol*; ce> 
else <Cons(d_type, d_type*); Cons(bool, bool*); ce2> 


C_cut_type(type_spec, ce) = if type_spec is Cvt n ~(ce.down és Bad) | 
then <ce.down; true; ce> 
else let <dtype;cel> = C_type_specitype_spec, ce) 
cee oar 
. <d type false; cel> 


Cvt is permitted. asa top-level type specification in declaring arguments and 
results (including yield and signal results) of cluster routines. When ga oi the 
entire module, cvt is replaced by the representation type. 


C_cvt_conds(cond_spec*, ce) = rec 
let Cname(type_spec*)3 = Head(cond_spec*). . 
<d_type*; bool*; cel> = C_cut_types(type_spec*, ce) 


_dicond - = Lname(d_type*)3 - 
sig = <d_cond; bool*> 
<sig*; ce2> "m= C_cut_conds(T aiKcond_spec*), cel) 


in. 
if Empty(cond_spec*) 

then <nil in Sig*; ce> 
else <Cons(sig, sig*); ce2> 
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6. Meaning 


In this chapter we define thé inedting of fégat miodutéd. Again, 0 minimize the 
number of forward references, we proceed from the bottom up, We begin by defining 
execution environments, and then we define =“ Of expressions, statements, and 
finally modules. a , 


6.1 Environmiénts 
The domain Env of exectition environinenis ié defined as follows: 


Env: imps: Imp. map x vars: eV map. x loops: Loop* > x array: Array x 


| arrays: A map x rebord: Record x re baal : Rs fap 

rip Sap: DU + lop . | 
Imp: Op + Type a 

Op: | Obj* x Ob i x Env » + Reith . 

Type: Obj* x Nainé ~ Op 
Vimap: sd > Qbj 

Loop: vars: Idn* ‘ body: Unit x env: Env 

A_map: | Array ~ Int x Ob}* 

R_map: Record - Ob j* 

Result: term: Term x objs: Obj* x env: Env 

Term: Normal + Return + Break + Continue + Signal + Exit + Loop_term 
Signal: signal: Signal x name: Name 

Exit: exit: Exit x name: Name 


Loop_term: Return + Signal + Exit 
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The meaning of the various components of an execution environment are: 

imps - a mapping” from DUs to implementations. This is not the mapping that is part 
of the library; ‘rather, it is generated, from the library by peters a saa ic. 
implementation for each abstraction used in the program. 

vars - a mapping that defines the current object denoted by each variable. 
Uninitialized variables denote the bad ob ject. ans 

loops. - a stack of closures for.for statements. Rach -closure:-conststs of thelist of loop 
variables, the loop body, and the-va¢iable bindings-active for the loop body. 

array - a seed for generating new unique ids: for-array: objects: Every id: less than this 

| seec-ip the:id of ‘an. existing aecay ‘ob jects. (The domain nerey saoapeland to 
the natural numbers.) * ; 

arrays - a mapping that defines the current state (low bound and ener, of each 
existing array ob ject. i ie | 

record - .a seed for generating new unique ids for record objects, Every id less than this 
seed is the id of an existing record sit the domain Record is isomorphic to 
the natural numbers.) ars oe : 

records - a mapping that defines the current state-of ach ) existing record 2 object. The 

components are in increasing lexicographic order according to their selector 


names. 


We note that in a more “standard” semantic. definition Jone would not. coalesce all of 
this information into a-single domain. Rather, the domaif; Env::would consist solely of 
variable bindings (i.e, Env = Vmap) anda separate domam, State, would be defined to 
consist of the other information. The principal, advantage of such a scheme is that, 
although all of the information is needed to def. ine the Meaning o of most constructs, certain 
evaluations (eg., expression evaluation) cannot change ( fand therefore need not return) any 


variable bindings. However, as discussed in section 223, using a single domain cas 
Simplifies the task of re ee exceptions... 
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Primitive_ enw) = <Primitiveimps); Ly magi sige L array 1, nap dL record 1p map? 
Primitive_env is used in the evaluation of constant expressions. Constant 
" expressions do not contain variables and do not create or manipulate mutable 


ob jects. 


Primitive_imps: ~ Imp_map 
Primitive_imps returns an imp_map with implementations for the built-in types, 
the array -type generator, and the procedure generater F6re®. ‘Iniplementations 
of the record, oneof, proctype, and: itertype. type generators, and the type 
routine. will be handled speciaily, similar to: the way their interfaces were handled 


in section 5.3. 
6.2 Expressions 


The major functions defined in this section are: 


E_expr: Expr x Env + Résutt 
E_exprs: - Expr* x Env ~+ Result 
Euinvoke. _.. Invoke » Env -~» Result 


E_exprs(expr*, env) = rec 
if Empty(expr*) 
then <normat in Term; nil in ov}: eriv> 
else res <terml; obji*;envi> « E.expr(Headlexpr*); env) 
<term2; 0b 2*; env2>.= E_exprs(Taillexpr*), envi) 
" <normal in Term; Concatiob;t*, ob 2"); env2> 
The res notation, defined in section 3.4, is used to propagate as since (and 


bottom, in the event of nontermination). 


E_expri.ob ftenv) = <normal in Term; obj in Obj*; env> 
Actual parameters are substituted for formal parameters throughout a module 
before evaluation takes place, as def ined in section 6.4. 
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E_exprlidnienv) = let obj = env.vars(idn) 
in 
if obj ~ [(bad in. vans tad in D.type)d 
then Fallureuninitialized variable’ in String, env) 
else <normal a in "Tere, obj in n Obj; env> 


Failurestring, env) = let term = <exit, “failure” in Name> in Term. 
ditype = = CdugsriggE ca in Ditype 
obj = = C(string in Vali: d_typel 
in ; 
_ sterm; obj in Obj*; env> 


E_exprLinvokelenv) «= E_invoke(invoke, env) 


E_invokeLexpr(expr*)Menv) = 
res <terml; objl*; envi> = E_expriexpr, env) 
<term2; ob j2*; env2> = E_exprs(expr®; envid ’ 
let <op; obj*> > = Get_oplobfi* to Ob} env2) 
v_map = Aidn. [(badin Vab: (bad in D_type)] 
| <term3; objt*; env$> = oplobfs*; obf2*, env2v_map e vars) 
in | . ae 
Pass(term3, obj4*, env3lenv2.vars e vars) 
Get_op returns the implementation and the actual, , Parameters for the routine. 
Pass is used to propagate bottom in case the routine dees.not terminate. AThe res 


notation cannot be used because the vatiable bindings must be restored) 


Passiterm, obj*, eny) = if term.is Normal. v teve 
then <term;, obits env> 
else Lpesuit 


If the termination condition is bottom, then boetorn is i produced otherwise the 


usual result is formed. 
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Get_oflobj, env) = case obj.val nied 
elem Kauvleb P01 fDimod 


. ¢dem ier af Ddter..... 
then cliortype_aya. bes, poo or 
elem routine of Routine. 
_ then, sRoutine.opngme); on 


len Kdulobs2.¢f | B.mod:.... 
oe them: we redeem “Tm 
* aateng nae wef. 

vad 
Record_op: * plyeetid' Name + op 
‘Oneofiops | DisAiNir e Hene sO Hyon daa OO ERG 
Procty pe_ope 3 »Dprec 34 Diane Op: 3 se GRRE Moa? goes nace ert 
ltertype_op: D_iter x Name + Op 


Implementations of the record, Sndet, pouty pe, ald iterype type: generators 
cannot be represented as elements the « domain Tyee, but implementations for 
the operations of any pte somite gan be re resented As elements of 
Op, as defined in section 6.5. 


Routine_op: Name > Op 
Routine_op represents the implementation of the type routine, as defined in 


section 6.5. 
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E_exprid_type${comp*)Kenv). « | 
res <term; obj*; envl> = E_exprs(comp*lexpr, env) 


let objl* sm Order\comp*iname, obj*) 

record = envi.record . 
rmap = envi.records{record © objl*) 
env2 | = : 


| envi New recordtrecord)@ reeordilt_map @ records) 
<normal in Term; [record in Val: dtypel in Obj*; env2> 
New _record: — Record ~» Record 
| ; New_record returns the successor to the given element. (The domain Record is 
isomorphic to the natural numbers.) . 
E_exprid_type$lexpr: expr* Tenv) « 


res <terml; obji*; envl> = E_expriexpr, env) 
<term2; obj2*; env2> = E_exprs(expr*, envi) 


let obj = obji* to Obj - 
int: oy 2 = obj.val to Int. 
array = env2.array 
a_map = env2.arrayslarray © <int; obj2*>) 
env3 m= env@lNew_arvaylarray) @ arraya_map e arrays) 
in 


if L_state(int, obj2*) a 
then <normal in Term; C(array in Val): d_typell in Ob J*; env3> 
else Failure(? in String, env2) . 


The string argument to Failure is arbitrary. L_state is defined in section 6.5. 


New_array: Array > Array 
New_array returns the successor to the given element. (The domain: Array is 


isomorphic to the natural numbers.) ~ 


E_exprLupld_typelexpr)Kenv) = res <term; obj*; envi> =: E_expriexpr, env) - 
| let val ‘aobj* to Obj in Val 

in Yen ETRY e Se of 

<normal in Term; (val: d_type]l in Obj*; envl> 
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_ E_expridownlexpr)Menv) = res <term; obj"; envi> = Eexp (exp: 
| let obj mr erat 


in 


Hf the type Seg ce ae aes sp could simply 
replace the d -type component of the object with the abstract "ype instead of 
adding a new ‘ayer; down Wadd “then répthed the’ ‘Ac tyPe Contipeheht with the 
representation’ type instead of removing a dager. Hewexee, if the representation 
type. were any, shen. information would.bg Jog: by.sugh an. "optimization”, and 
correct invocations of force on down'ed. objects would fail... 


E_exprLexprl cand seen: m res <term; sad enviy «= Recplesetl, env) 


let. Ph, A IR rant RO. 
an 

f ch jaai i beet, “ 
then, Kesler envi) 


else <noen an Term; obj*; envi> . 


oe: 


E_exprLexprli cor expr2Kenv) » ves. <term; obj enyl> = Evexpriexpri,. env) 
Net obj sie wf OOK] 
in 
: ¢ obj.val to Boo! - 
“then “<norvial { in Term, és envi> 


alse + Eexprlenprd, envy 


fe SAGITE 


6.8 Statements 


_ Fhe-ma jor. functions defined.in this.section are... 


E_stmt: Smt x Env» Result... 

E_unit: Unit x Env > Result 

Assni: Idn X Obj x Env Ene 
Assn: _cldn* x Obj* x Env. Eav 


' Assnil and Assn are used for assigning ob jects to Variables. 


ng 


E_unitLstmt* local idn*Kenv) = let <term; obj*; envl> = E_stmts(stmt*, env) 
: env2 = Unassntidn*®, envi) 
in . 2 . 
Pass(term, obj*, env2) 


Pass is used to: propagate bottem.-in case evaluation of the body does not 


terminate. 


E_stmts(stmt*, env) = rec if Empty stmt*) 
then <normal in Term; nil ik'Obj*; env> 
ase res: storm; ob ff senvd> -m> BsstmtH ead(stmt*), -env) 
in | 
Estat Tadtsernt®), cenvb © 


Unassniidn*, env) = rec if Empiy(idn*) 
then env 
else let obj = U(bad in Val: (bad in D.type)3 
envl » de acai ‘obj, env) 
in 
Unassn(T ettidn®, ‘env 


Variable bindings are removed by rebinding the variables to the bad object. 


Assnitidn, obj, env) s let vimap = env.varslidn © obj) © 
enviv_map e vars) 


E_stmtLnoneKenv) = <normal in Term; nil in Obj*; env> 


E_stmtLidn* :2 expr* env) = res <term; obj*; envl> = Euexprsexpr*, env) 
let env2.. --... -m Assaidn*, obj*, envi) 
in 
<normal in Term; nil in Obj*; env2> 


E_stmtlidn* := invokeKenv) = res <term; ob}; envl> = E_invokelinvoke, env) 

let env2 = Assniidn*, obj*, envi) 
in 

<normal in Term; nil in Obj*; env2> 


Assniidn®™, obj , env) ree a Emptyidn®) 
then env 
alse let envi - “dsnbi tional”, Head(ob i", env) - 
Ry tit : yet 
Asn Beatie Rettig); ei 


E_stmtLinvokelMenv) = res <term; obj*; envi = E_inuohainvehe env) | 
in oe 8° 
<normal in- Terme wikia. Ob fty envi 
“THe: @b jects returned by tive lppvecatton: ase disninded. 


E_stmtLif expr then unit! ¢eait* ¢leneek@i andieny) = 
res <term; obj"; envl> = E_expriexpr, env) 
let obj. = obj* to Obj 
in 
if ob}.¥al to: Book . 
then ‘Bcenatenitl, envy 
else E ee areal es envi) 


E ~elseifsselseif™,. unit, env) = re 
if “Empty(elseif*) . 
then E_unittunit, env) - . 
else let Celseif expr then uniti? . Headielseif*) 


res <term; obj*; envi> ~ Lciprignes, omy) 
let obj . has te Obj 


in pik Sea CART. o: fags soa 
if obj.val to Bool 
thet Bwhistent!, env) - 
de Be cdaaitvenchars unit, envD 


121 


E_stmtL while expr do unit endKenv) = rec 
res <terml; objl*;envl> = E_expriexpr, env) 
let obj : = obji*' to Obj 
in : : ; : 
if obj.val to Bool ; 
then let <term2; obj2*; env2> = E_unit(unit, envi) 
in. . , 
if term2 is Normal v_ term2 is Continue | 
then E_stwt€while expr do unit endJ in Stmt, env2) 
elseif term2 ts Break = 
then: <normatin Term; nitin Obj*; env2>” 
_else <term2; obj2*; env2> 
else <normal in Term; nil in Obj*;‘ envi>- 


Executing a break statement in the body terminates, the while statement. 
Executing a continue statement in the body causes the rest of the body to be 
skipped for that cycle, but execution ‘of the while statement continues. Other 
non-normal terminations of the body terminate the: while statement. 


| E_stmtCreturn(expr* env) = res <term; obj*; envl> = E_exprs(expr*, env) 
in 
<return in Term; obj*; envi> 


E_stmiL signal name(expr* env) = res «term; ob j*; envl> » E_exprstexpr*, env) 
let’ term) i. <signal; name> in Term 
in icy : 

<terml; obj"; envl> 


E_stmtL exit name(expr* env) «= res <term; obj; envl> = E_exprs(expr*, env) 
let terml = <exit; name> in Term 
in, 
<terml; obj*; envl> 

E_stmtEbreakienv) = <break in Term, nit in Obj*;. envs: 


E_stmtE continuel(env) = <continue in Term; nil in Ob;*; env> 


E_stmtL begin unit endI(env) = E_unit(unit, env) 


Sick 
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E_stmiltagcase expr tag* endKenv):..a.. res. a anaes. ents ire. or 


lat. Araledayped = obj* to Abi 


Ename: ob ji = val to Oneof,.. 


in eqn O 


ib ipgaltagt,, panes, os. peer 


E_tags(tag*, name, obj, env) «= di 


Ph es 
ihe ae 


feng tote 


Af afed pad mre 
Ah cs bids 


Legality-checking hasvensured chat: one ou ar comuned. 


Match. tag tag name® (idn): pains, a pane A weer ate . 


; LEP SRA POO Sesyajels alae 


eee eaiaaonnee SP icine Sad aaeeeay ee 


wis | 


“4 


E_ tagl tag riariie® Gans Uniti fer ao tet “eh “2° ital “a6 env) 


abe 


ety Tt ; ” 
et. ow abe SEES 


in. 


®- 


Rs 


.E_tagl tag name*: a all ‘Bouniituiit:’ env) 


E_ foe ied env) a: Eaten, « env) er hg coPartae berg e 


He F  grety deagear = 


E_stmt€for idn* in invoke do unit endKenv) * . 
let loop* anCordituadaP yak; env.vars>, env.loops) 
<term; obj*;envl> = E_invokdinvoke, enviloop® : @ loops) 


ce sn thes does 
"etanty ‘hl Soap" We HroddtenVESiepi me SICE TG Ka)oGiAM Pea ao, 


eae aetPt bet I8 


Pass(term, obj, envitv map e vara ett oop e loops) 


The invoked iterator handles term 


ination 


ination, including execution of break and 
continue statementa:: Page: te used te: propagate bettom iv coakxthe: tiirator for 


some cycle of bed ¢ loop, pesy does not, wreninatt. 


ee 


avis? ni sumgaoa> a (vase gutting ge 7 


ee EL 


10) paper (én *eayiy ai auiaua sae ay 


E_stmtl yieid(expr* YKenv) 2 
res <terml; objl*; envil> «= 
let <idn*; unit; vmap> = 


env2 = 

env3 = 

<term2; obj2*; env4> « 

loop* " 

env5 — . 
in 
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E_exprstexpr*, env) 

Head(envi.loops) 

envilv_map e varsiTaillenvi. loops) @ loops) 
Assntidn*, obji*, env2) 

E_unitunit, env3) . 

Consiga? unit; env4. vars>, env4. loops). 
enivRenvi.¥ars « e Gani @ foops) . 


if term? is Normal v term? ts Contiius: 
then <normal in Term; nil in Obj*; env5> 


else if term2 is Break 


then <return in Term; nit: in Obj*; envb> 
“else <term2 to_in Loop_ term in Term; ob j2*; env5> 


Executing a break statement in the ‘body. terminates the iterator (and the 
invoking for statement). Executing a cantinue: statement in: the body causes the 
rest of the body to be skipped for that cycle, but execution of the iterator 
continues. Other non-normal terminations of the body terminate the iterator, but 
the result must be propagated. et the ieerater and back to the caller. 


EL stmiLstmt except catch® endi(env) = let <term; obj ents: " -E_stme(stmt, env) 


in 
case term 
elem <enit; name>iof Exit 
then E_catchs\catch*, name, obj*, envi) 
else tere ‘bf envi> , 
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E_catchs(catch*, name, obj*, env) = rec 

if Empty(catch*) . 

then let term = <exit; name> in Term 
in | 
<term; obj*; env> 

else if Match_catch(Head(catch*), name) 3 
then E_catch(Head(catch*), name, obj*, env) 

else E_catchs\Tailcatch*), name, obj*, env) 


Exits not caught by any handler of the except statement are propagated through 


unchanged. 
Match_catchll when name* (idn*): unitI(name) = name e name* 
Match_catch- when name* (x): unit](name) = name € name* 
Match_catchL others: unitKname) s true 
‘Match_catchLothers Gidn): unit (name) r true 


E.catchE when name* Cidn*): uniti(name, obj, env) « 
let envi = Assn(idn*, obj*, env) 
in 
E_unit(unit, envi) 


E_catchl when name* (): unit}iname, obj*, env) = E_unit(unit, env) 
E_catchLothers: uniti(name, obj*, env) = E_unittunit, env) 


E_catchLothers (idn): unit(name, obj*, env) «= 

let ditype = [du,,,,,, C13 in D_type 
obj = U(Make_string\name) in Val): d_typel 
envl = Assnifidn, obj, env) 
in : 
E_unit(unit, envi) 


The idn is bound to a string representing the exception name. 
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Make_string: Name ~ String 
Make_string returns the string. corresponding to the given name. (Name and 
String are isomorphic domains.) 


6.4 Modules 


The ma jor function defined in this section is: 
Meanie Mod_form + Imp — 


Meqtinghop form) ® ica a ob, env). E-oplop form, ‘ob ji*, obpe*, ‘env)) fn Imp 
‘Mouninghtype oni (nob j*, name). M-sypaype form, obj, name) in Imp 


M_typel cluster Cidn*] oper* endKob;*, . name) « 
let op.forml «= Find_eplname, oper*) 
op_form2 = Substiobj*, idn*, op_forml) 
in 


A(ob jl*, obj2*, env). E_oplop form2, obji*, 0bj2*, env). 


-Find_oplname, oper*) m= rec let Lidn = op. form]. = -Head\oper*) 
, in ‘ 

if Makeidn(name) = idn 

then op.form 

else Find_oplname, TatKoper*?) 


- Legality-checking has ensured that the operation exists. 
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E_opL routine Cidni*} a) unit endiobji*, obj2*, ew) 


ter unitt « Substteyf*; taal", uni 
envi mw Assntidn?®, ob hiened 
<term; obj3*; env2> = E_unittunitl, envi 
in | 
case term 


elem normal of Normal 
then Failure\"no return values" in String eny2) 
elem return of Return 
then <normalin Term; ob a env2> 
| elem: «pignaak names.of Signal. - 
cae let exit = <exit; name>. 
<exit in Tec ob j8*; env2> 
elem <exit, name> of Exit  ~§  re 
then if name = ("failure” in Name) — 
then <term; obj8*; env® 
else let string = — ee im Sting 


in 
FatturAstring, env2 
elem loop_term of Loop term . 
then pi fords to_in Térity; Rotate eva | 
end 
As part of legality-checking, return seaternents are — to the ends of routines 
ena ed pap 
that do not return any objects; ‘thus a ‘routine ‘body “which evaluates to a normal 
result is in error. Signals are changed to exits at the routine boundary. Failure 
exits propagate through; any other exit is changed to a. failure exit with the 
original exit name as the result object. A non-normel termination of a for boop 
body is passed back to the caller. 
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6.5 Built-in Abstractions 


| In this section we define the built-in procedure:generator force. and the operations of 
the built-in types and type generators. Each routine is defined either by giving a routine 
heading and an element of the domain Op, or by giving a routine written in CLU. The 
implementations are not necessarily the most efficient possible. We do not define any 
operations related to input/output, since I/O is not part of the Janguage proper. . 


“Several routines can signal failure, but the exact string returned can vary from one 
system implementation to another. We indicate these strings with a question mark, as in 
Failure(? in String, env) 


When computing with integers, the operators. o's Ms ’s’, 's', etc. have their ‘usual 
mathematical meaning. We also use ‘the operators '/' and '//', defined by 
x/y=q A x//y at iff (Os r<|yp A &aygen 


When computing with reals, we will treat Cintl eint2d as the real number intie10‘"*?, 
For example, 
Linti e int2] <Cint3 eint4] iff —_intie10**2 < intSe101"** 
An expression such as 
| Cintl e int23 + Lint3 e int4] 
means that one should choose the normalized element of Real that represents 
~ intls10*t2 + int3e10 1" 
and similarly for other operators. The exact normalization algorithm is is not important here 
(though it must be the same as that used by the parser); nero mn simply ensures that 
our use of strict element equality: 
Cintl e int2] = Lint3 e int4] iff intl = intS A int? = int 


corresponds to the usual meaning of equality. 
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6.5.1 Auxiliary Functions 


For every: donmin: D* we define thefuneens bape ys fol 


bare DRED 
Front: . DY Dt. 

Sizes D* + Int 
Fetch: — D* x Int> D 
Store: D* & fe x’ D'S DS 


The definitions of all but the last two should be obvinws._ _Paaeh, abd Store, are defined as 


f oliows: 


Fetch(d*, int) = ree if int=1 
_ then Heqd(d*) ae 
~ tse Patch deka ‘int - -pb 


Store(d*, int, d) = ree ff int =1 eG 
‘then Cons(d, Taiktd*) 
else QonstMamdia®), SéorslT atid) im ~ 1,0) 


Min_int: ~ Int 
Max_int: ~» Int 
Max_echar: ~ Int 
Min_real: — Real 
Max_ real: ~~» Real 


The values of these constant f unctions can vary — one syle. Ienplementation 
_ to another; the only restrictions are; . 
Min_intQ < 0 | 
‘127 s Max_charl) s 51 
Max.char\) = Max_tat\) 
0.0 < Min_real() < 1.0 < Mox_real) 


Liintlint) = Min_int() s int s Max_int() 


L_realreal) = real=0.0 v Min_reat0) s|real| s Mex_reet0) 
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Lichar€Echar inth 2» Os int < Max_chart) 


L_chars(char*) = rec if Empty(char*) 
then true 
else L_char(Head(char*)) A \ L_chars(Tau(char®)) 


L_string{string) = L euetutaing A L_int(Stze(string)) 
The size of the aring must be a representable integer. 


L_ statelint, obj*) = L_intlind)’ A L_int(Sizeobj*) A L_iatlint + Sizeobj*) - 1) 
The index of each array element and the size of the. array must be representable 


integers. 


Approx: Real ~ Real — 
Approx defines the imprecision of ‘using finite approximations to real numbers, 
and can vary from one system implementation to another, The only restrictions 
placed on Approx are as follows. Given that . 
L_reallreal) A L_reatreall) A Lirealreal - 
~ is true, then 
Approx(real) is normalized 
Approx Approx real)) = Approx\real) 
reall < real2 implies  Approsreall) $ Apprestreat2 
Approx\-real) = -Approx(real) 
real «0.0 — implies Npmedemt ~ read) / ral < 1o"* 
Approxt0.0) = 0.0 
Approx(1.0) = 1.0 


. Bad_add: . Real x Real ~ Real. 
. Bad_add is used for real additions when the arguments differ in sign. The only 
restriction placed on Bad_add is.as follows. if 
Bad_add(reall, real2) = real A L_reatreal) 
then 


real = Approx(real) 0 |(reall + real2 - real/(reall + reat2)| < 10°$ 
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R2i: Real + Int | 
R2i rounds to the nearest integer, and towards zero in case of a tie: 
|ER2uread @ 03 - teal 505 A |LR2read-» 03 < [read + 0.5 


Trune: ' Real Int . 
Trunc truncates its argument towards zero. 
[Cr runctread @ 09 - rea s 1.0 A [ETrunctreat) © 03] 5 [rea 


Return_boollbool, env)» let d.type = Cd.) kibin Duype 
in 


<normal in Term; (bool in Via: d_typel in Ob ff: env> 


Return_int(int, ? s let d_type « aan. cn in Daye 
<noemal in Term; Bunt wane sda mont any> 


Int_resulttint, env) « if L_intdinv . 
then Reterhomdint, eth 
else Error\“overflow" in Name, env) 


Return_real(real, env) = let d_type = Edu... ch in Biype 
in a 
ee in Term; Etoeai in edie in Obj*; env> 


Real_result(real, env) = f L_real(real) 
“then Return_reak Apprdcl reali; ‘eiv) 
ese if [read > Max_realt) : 
then Error\overflow” in Name, . ny). 
else Error(“underflow” in ae env) 


. Return_char\char, env) a let d_type = Cduense f am in Daspe. . 
e in 
<normal in Term; fE(cha¥ tn’ asdeisage ty 3 env> 


tad Neruda ated ih Pah 
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Return_string(string, env) = let d.type = Edu 
aie : 
<normal in Term; C(string én Val): d_typel in Ob fe env> 


string C13 in D_type 


- Eq_obfobjl*, obj2*, env) = let <objl; obj2> = obj2* to Obj* 


in . ; 
Return_boollob jl = obj2,: env) *- 
Eq_obj will be used in defining various “equal” operations. 


Error(name, env) = let term = <exit; name> in Term. 
in ; 
<term; nil in Obj*; env> 


6.5.2 Force 


force_ = proc [t: type] (x: any) returns (t) signals (wrong type) 
Mob jl*, ob env). let objl = objl* to Obj . 
obj2 = ebR to ot 
. in 
if Includestob jl.val to D type, ob oh payee: 
then <normal in Term; obj2*; env> =~ 
else Error("wrong_type" in Name, env) | 


Includes is used instead of strict equality because the type any is a_ legal 


parameter to force. 


6.5.3 Null 


equal = proc (nl, n2: null returns (boob 


return(true) 
end equal 


similar = proc (nl, n2: nul) returns (bood - - 
return(true) 
end similar 


copy =. proc (n: null) returns (null) 
return(nil 
end copy 
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6.5.4 Bool 


and = proc (bl,b2 boo) returns, (boo) 
return(b]. cand. b2 
end. and 


or = proc (bl, b2: boo) returas4bonik- 
return(bl cor. b2) ee. 
end or _ 


not = proc (b: boo!) returns (bool) 
if b 
then return(false) 
else. return(true) 
end 
end not 


equal = proc (bl, b2: lo 
Eq_obj 


similar = proc (bl, b2: bool). returns. (wood 
return(b]k =.b2). a 
end similar . 


copy = proc (b: boo? returns hood 


retupekb).. - 
end copy 


6.5.5 Int 


add = proc (il, i2: ind returns (int signals (overflow) 
A(objl*, obj2*, env). let <objl; obj2> = enti taObyh 6 
, in a 
Int_result(objl.val to Ind + (ob j2.val to Ind, env) 
Note that add is not a parameterized ponent. ten geen aetna is net 
used. This will be true of all of the definitions that follow.°"~ 


sub = proc (il, i2: int) returns (ind signals (overfiow) 
Alebjl*, obj2*, env). let <obji;'0b js: + 0bj2* te Obj? 
Int_result((objl.val to Int) - (ob f2.val to Int), env) 


mul = proc (il, i2: ind returns (ind signals (overflow) 7 
Aobjl*, obj2*, env). let <objl; obj2> =. 0bj2*.10 Obj? 
in . . 
Int_result(lab ji-val to Ind s (ob J2-val to Ind, env) 


minus = proc (i: ind returns (in® signals (overflow) 
return(0 - i) : 7 
except when overflow: signal overflow end 
end minus . ats 


div = proc (il, i2: Ind returns (ind signals (zero_divide, overflow) 
Atobjl*, obj2*, env). let <objl; obj2> = 9bj2* to Obj? : | 
int “= obj2.val fo Int 
in 
if int =0 
then Error\“zero_divide” in Name, env) - 
else Int_result(objl.val to Int) / int, env) 


mod = proc (il, i2: int) returns (int) signals (zero_divide, overflow) 
ACobjl*, obj2*, env). let <objl; obf2> ‘= "obj" to Obj? 
int = obj2.val fo Int 
in re 
if int =0 
then Error\"zero_divide” in Name, env) 
else Int_result((obji.vat to Ind) // int, env) - 
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power = proc (i, e: int) returns (int signals (negative_: exponent, overflow) 

if e < 0 then signal negative_exponent end 
pow: int := J; 
for j: int in int$from_to(l, e) do 

pow := pow ¢ i 

except when overflow: signal overflow end 

end 
return(pow) 
end power 


from_to_by = iter (from, to, by: int) yields (int 
while by >0 & from<s=to | by <= 0 & from >= to do 
yield(from) 
from := from + by 
end 
end from_to_by 


from_to = iter (from, to: int) yields (int 
for i: int in int$from_to_by(from, to, 1) do 
yield(i) 
end 
end from_to 


It = proce (il, i2: int) returns (bool) 
A(objl*, obj2*, env). let <objl; obj2> = obj2* to Obj? 
in 
Return_bool((objl.val to Int) < (obj2.val to Int), env) 


le = proc (il, i2: int) returns (bool 
return(il < i2 | il = i2) 
end le 


ge = proc (il, i2: int) returns (bool) 
return(i2 <= il) 
end ge 


gt = proc (il, i2: int) returns (bool) | 
return{i2 < il) 
end gt 


equal = proc (il, i2: int) returns (bool) 
Eq_obj 
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similar = proe.(il, i2: ind returns (bool eae 
return(il = i2) 
end similar 


copy = proc (i: ind returns (ind 
return(i) 
end copy 


G.5.G Real 


add = proc (rl, r2: read returns (read sieslie (overflow, undert ow) 
Atob a, obj2*, env). la’ “obj; ob p> = “obs2 Obs 
 feall -" = objl.val to Real 
real2 » ob Br val to Real 
in 

¥ {reall-< 00: a: real2. > 0.0). Mv (reall > 0.0 A real2 < 0.0) 
: then Real_resuld Dod addtreali, reai2), env) 
else Real _resuitetreall + ‘real2, env) | 


sub = proc (rl, r2: real returns (read ‘signals Cowettion, underflow) 
return(rl + -r2) 
except when overflow: signal:overflow: 
when underflow: signal underflow 
end 
end sub 


~ mul = proc (rl, r2: real returns (real) signals (overflow, underflow) — 
-MobjI*, obj2*, env). let <obji; ob f2> - ‘Gb bo Obj? . | 
in 
Real_result(ob B wval to Read # (ob Jf2.val to Reads: env) 


minus = proc (r: real) returns (real) 
— ACobjl*, obj2*, env). let obj = ob j2* to Obj 
Return_real-(obj.val to Real), env) — 
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div = proc (rl, r2: real) returns (read signais nen ene ees 
Alobji*, obj2*, env). let <objl; obj2> = ob jz* toObj? te 
real = obj2.val to Real 
in 
if real = 0.0 . sa ate 
then Error\"zero divide” in Name, env) © |... 
else Real_result(obji.val to Read / real, env) 


power = proc (r, e: real) returns (real) 
- signels.(zera. divide, complex seni, qveriion, underflow): 
A(ob jl*, objet, sen. bet. sah ih gies = obj2": Obey és 
— reall — = obji.val te Real - 
real = obj2.yal to Real 
goes are 
if reall =0.0 A real2 < 0.0 
_- then. Erred"1ero_dividel in: Name, env). 
else if reall:< QQ... ~hewalRoa TE R2itrenl2) e023) 
then _Erroxt'complex tt.in Name, one) 
else % the rest is system: ne 


i2r = proc (i: int petucne (read signal overfigw) ne es 
ACobjl*, ob j2*, env). let obj = sil leeches 
Reat_result(E(obj.vai to Int). e 03, env) 


r2i = proc (r: real) returns (ind signals (overflow) ga Gaia 3 
Atob s", ob j2*, env). let obj - qb j2* 19. Obj. “ale 2 
in 
Int_result(R2ilob jval to, Real, env) 


trunc = proc (r: real) returns (int) signals (overfiow) 
Atobjl*, obj2*, env). let obj = abj2* to Obj 
Int_result(Trunclob iva! to Real), env) 


It = proc (rl, r2: real returns (bool) . 
A(obji*, obj2*, env). det <objl; obj2> = obj2* to Obj? 
in . - 
Return_bool((ob jl.val to Rea < (obj2.val to Real), env) 
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le = proc (rl, r2: real) returns (bool 
return(rl < r2 | rl = r2) 
end le 


ge = proc (rl, r2: real) returns (boo) 
return(r2 <= rJ) 
end ge 


gt = proc (rl, r2: real) returns (bool 
return(r2 < rl). 
end gt 


‘equal = proc (rl, r2: real) returns (boo) 
Eq_obj 


similar = proc (rl, r2: real) returns (bool 
return(r] = r2) a3 
end similar 


copy = proc (r: real) returns (real) 
' return(r) — 
end copy 


6.5.7 Char 


i2c = proc (i: ind returns (char) signals (illegal_char) 
A(objl*, obj2*, env). let obj = obj2* to Obj 
char = Cchar (objval to InvJ 
in . 
if L_char\char) 
then Return_char(char,. env) 
else Ervor\"itegal_char’ in Name, env) 


- ¢2i = proc (c: char) returns (int) eo Be et a 
Alobjl*, obj2*, env). let obj © 0bj2* to Obj. 

Coher inth-»: objvat to Char 
Return_intint, env) 
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It = proc (cl, c2: char) returns (boo) 


return(char$c2i(c)) < char$c2i(c2)) 
end It 


le = proc (cl, c2: char) returns (boo) 
returni(cl <c2 | cl = c2) 
end le 


ge = proc (cl, c2: char) returns (bool) 
return(c2 <= cl) 
end ge 


gt = proc (cl, c2: char) returns (boo) 
return(c2 < cl) 
end gt 


equal = proc (cl, c2: char) returns (boo) — 


_ Eq_obj 


- Similar = proce (cl, c2: char) returns (bool 
return(cl =.c2) 
end similar 


copy = proc (c: char) returns (char) 
return(c): 


end copy 
6.5.8 iin 


ae ae ee oe 


size = proc (s: ie returns (ind 


A(objl*, ob j2*, env). let obj "objet 10 Obj 


in’ 


me Veli Das iseks patton, env) 


indexs = proc (pat, str: string) returns nial 
z: int := stringSsize pearl’ © 


for i: int In intéfromamh, stringSsizetaarh ae 3 


if pat = stringSsubstr(str, i, z) 
then return(i) end 
end 
return(0) 
end indexs 


ve + 
Pg hae SF 


indexc = proc (c: char, & string). returns (ind. 
Bessie la ede at a teat s)) 
end. indexc 


c2s = proc (c: char) returns (string) 
Alb jl*, obj2*, env). let obj = obj2* to Obj 
in . | 
Return_stringlobjval to Char in Char®, env) 
concat = proc (sl, s2: string) returns (string) 


Alobjl*, obj", env). let <objl; obj2> = obj2* 10 Obj? 
string = Concatlobji.val to String, 


ob j2.val fo String) 


in 
if L_string(string) 
then. Return_string(string, env) 
else Failure(? in String, env) 


append = proc (s: string, c: char) returns (string) 
returns Il string$c2s(c)) 
-end append 


fetch = proc (s: string, i: int returns (char) signals (borids) - 
A(objl*, obj2*, env). let <objl; obj2> = obj2* to Obj* 
| | string = obji.val to String 
int “= obj2.val £0 Int 
in 
if 1 < int s Size(string) 
_ then Return_char(F etcA(string, int), env) 
else Error\"bounds” in Name, env) 


rest = proc (s: string, i: int) returns (string) signals (bounds) 
return(stringtsubstr(s, i, string$size(s))) 
except when bounds: signal bounds end 
end rest 
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substr = proc (s: string, nlow: int, nsize: ind: ‘eiguaiw Womnls; 
if nsize < 0 then signal negative size etd ii)! 2 * 
2: int := stringtsize(s) 
if nlow <1 cor niow-1l>z 


et 


then signal bounds end Re Ai ase 


$s: string := BS Bogs SYS Rae ee! eee 
last: int := z 
if nsize <.z - ndow. + 1 
then last := nlow + nsize - 1 end 
for i: int in intSfrom_to(niow, last) do. 
SS i= strinssapperds ss si) oe 
end 
return(ss}.. ..- ; 
end substr.. ee ears 


s2ac = proc (s: string) returns (ac) 
ac = arrayl char] 
a: ac := ac$new() gies 
for c: char in stringseharde) idee 
-actaddh(a,o 
end Hite es VPS 
return(a) 
end s2ac 


“ac2s = proc (a: ac) returns.etring). bk charg fsa 


ac = arrayl char] ee 
an ee Be 


8: String := ; 

168 c: char in acselémentita) ¢ do” ee 
S$ := stringSappendté, 0 : 
end 

returns) 

end ac2s 


chars = proc (s: string) jleuda (char) 
for i: int in int$from_totl, stringsuize(o) all 


yieldsli) 9 0 + DENSSS HOTU SS 


end PEAR gL 
end chars — 


—— : 
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It = proc (sl, s2: string) returns (bool 

zi: int := string$size(s)) 

22: int := stringSsize(s2) 

min: int := zl 

if z1 > z2 then min := 22 end 

for i: int in int$from_te(l, min) do 
if sili} < s2Ci) then return(true) end 
end 

return(zl < 22) 

end It 


le = proc (sl, s2: string) returns (bool) 
return(sl <s2 | sl = s2) 
end le 


“ge = proc (sl, s2: string) returns (bool 
return(s2 <= sl) 
end ge 


_ gt = proc (sl, s2: string) returns (boo) 
return(s2 < sl): 
end gt 


equal = proc (sl, s2: string) returns (bool) 
£q_.0bj 


similar = proc (sl, $2: string) returns (booD 
return(sl = 52) 
end similar 


copy = proc (s: string) returns (string) 
return(s) 
end copy 


6.5.9 Array Types 


The heading of the array type generator begins 
_ array_ = cluster [t: type) is ... 
‘at. arrayit) 
We will make use of “at” and “tin the definitions that follow. 
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create = proc (nlow: int) returns (at) 
return(atSinlow: J) 
end create | 


new = proc () returns (at) 
, return(at$create(1)) 
end new 


predict = proc (nlow, nsize: int) returns (at) 
return(at$create(niow)) 
end predict 


low = proc (a: at) returns (ind 
A(ob jl*, obj2*, env). let obj = 0bj2* to Obj 
| <int; obj8*> = env.acraysiohpyel fo Array) 
in ‘ i 
Return_intlint, env) 


high = proc (a: at) returns (int yee ae Pik Fe 
return(at$low(a) + (at$size(a) - 1)) 
end high 
size « proc (a: at) returns (int) “aitats geet 
A(objl*, obj2*, env). let obj = obj2* to Obj 


<int; obj8*> = env.arraystobj.val to Array) 
in - wp QiveasPigs CypidAP AA ak 
Return_int(Size(ob j3*), env) 


set_low = proc (a: at, nlow: Int) ape Se te 
Aobjl*, obj2*, env). let <objl; obj2> = obj2* to Obj? 
array . ob ji.val to Array 
intl . = Obj2.val to Int 
<int2; obj*> = env.arrayslafray) © 
a_map envarrayilarrey + <intl; ob j8*>) 
oe ra a en at eh ee rt ae 
if L_stateintl, ob j8*) a 
then <normal in Term; nil movfs enti map e sie ane 
ese. Fadlurd] in Siring,ehw) 


trim = proc (a: at, nlow: Int, nsize: ind signals (bounds; negative_size) : 
if nlow < at$low(a) | nlow > Bshighis) cand: apes > dcpice dui + i 
then signal bounds end - tas : 
if nsize < 0 then signal negative_size end 
while at$low(a) < niow do 
at$remia) 
end | 
while at$size(a) >= nsize do 
at$remh(a) 
end 
endtrim | 


fill = proc (niow: int, nsize: int, elt: 1) returne (at) signate (negative_size) 
Af nsize < 0 then signal negative size end . 
a:atce at$create(niow) | gee 
for i: intin int$from_to(l, ‘nsize) do 
 atSaddhfa, et? 
return(a) 
end fill 


fill _topy = proc (nlow: int, nsize: int, « t) returns (at) signals Reese 
owiere' thas ctpy: neces wo returns (1) 


if nsize < 0 then signal negative site end 
a: at := at$create(niow) © 
for i: int.in int$from_to(l, nsize) do. 
atsaddh(a, t$copy(elt)) 
end 
return(a) 
end fill_copy ~ 


fetch = proce (a: at, i: ind returns w ‘lonale (bounds) 
Alobjl*, obj2*, env). let <objl; obj2> = obj2* to Obj? 


<intl; ob8*> » env.arraysob jl.val to Array) 


int2 (Cob R.val to Ind - intl + 1 
ob j3 = Fetchobjs*, int2) 
in , 
if 1 int2 s Sizelobjs*) 
then <normal in Term; obf in Obj*; env> 
else. Error("bounds” in Name, env) 
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bottom = proc (a: ath returns) signals (hounds): 


return(alasiowa) . aia Wana je: 
except when bounds: signal bounds end: 


end bottem shed Ue: 


top = proc (a: at) returns (t) signals (bounds) 
return(alat$high(a)J) 
except when bounds: signal bounds end |... . 
endtop 


store = proc (a: at, i: int, elt: t) signals (bounds) 
(ob jl*, so env). let <obji; ob ob > = 0bj2* to Obj® 


Pag bese ape Sk ot Mi do Nitta 
<intl; objs*>" ” = énvarraystarrey) 
a Bm annienec igled 
ob j4* ee 
amap - cenv.arrayslarray ¢ cnt oy 
in ob 


tone 


if 1s int2 < Stzdob js") 


then snpemel in Teeny, pile ORs; sovtesane arsayal> 
alse. Perens" ‘in vaene, on 

addh = proc (a: at, elt: t) ee ee en ae 

A(objl*, obj2*, env). let <objl; ob j2>' abet oby i en shal 

array = objiwalio Atray9 

<int; obp*> = envarrayslarray) =, , 

ob j¢* = Appendiodj*, obj. . 

le sovarreptaseay e .<int; ob coy 


aim TL PEN Lapa Gogh. ag 


in 

ef ‘E_stateltht, ob ft) : ee 
then <ndtmel tn Teen nil in Obj*; clas e scapes 
: Selse° . Failura? in String’ ‘énv) 


AY PEA 
as 
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addi = proe (a: at, elt: 0) 


A(objl*, obj2*, env). let <obji; obj2> = obp 106s 


array = Objl.val te Array 

<intl; ob 8*> @ eny.arraystarray) 

-int2 = intl -1. , 

ob jt* 3 = Constob 2;: op) : — 
- amap aeliciuenialet cnt ob 
in 


if L_stateint2, obj4*) . 
then <normai in Term; nit in ad cova nap arya 
else Failure? in paca! et 


- remh = proc (a: at) returns (t) signals (bounds) . ce 
. Mobjl*, nie env). let obj. te objet 10 Obj. 

ety ‘= ‘ob pvt wary 

ating ws * _ env arr fat i 


amap  . = availa e int yt) 


' then Errer\"bounds” JaNaog, eny) Bi ari 
ae: sotmal de Tess iin ee e arrayil> 


reml = proc (a: at) returns w signals (bounds) ay is 
A(objl*, obj2*, env). let obj = obj wowpe 
‘lie ae. array obvi hay * 
<int; ob fs*> = envarrays(array) 
- objt* = Taikobss*) 
ob j5* = Headlobss*) in Obj? 
a_map = envarrayslarrey’ + dnt objt*s3 
in a PEE ee 
if Emptyobjs*) 
_ then Error\“bounds” in Name, anv : 
else <normal in Term; obf*; envia_mapeazraya)> 
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elements = proc (a: at) yields (t) 
for i: int in ais totenseie) ae. 
yieldali)) 
end 
end elements 


indexes = proc (a: at) yietda (ind. 
 Per.i latin HARE SENSU atShighta)? do 
: yield) 
end 
end CERES ; 


Sie = proc fal, ‘at at) returns (head: 
Eq_obj 


similar = proc (al, a2: at) returns {bagk. . 
where. t has similar: steiaa (t, o retwrne (boob 
it atSlow(al) += ar$low(az) | aesseeatborn ane 
then return faise), « nd . < 
for i: int in atSindexest 1 do . 
it Futiadente Liemthat n returnitaie? end 
end: . 2 : 
returaren: 
end similar 


similar] - - bros aa, a2: at) ‘Feturns (boo) — 
ow aiveriet fais equat’ proctype' (t, ) returns (boo) 

if atslow(al) w= atslow(a2) | at$size(al) we — 

then returnifaise) end ocean esa OF Batts 
for i: int in atSindexestal) de... LL Ss 

if alli] w= a2Qj). then fatgeaiai eng. 

end 
return(true) 
end similar 


eae 


copyl = prea tai sat). cauewiad 
aa: at := at$create(at$low(a)) 
for elt: t in atSelements(a) do 
' at$addh(aa, ale 
end 
rpetuswaa) 
end copyl 
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copy = proc (a: at) returns (at) where t has cop rromres returns () 
“aa: at ¢= atScopyl(a) Be 
for i: int in at$indexes(aa) do 
- aati) = sSoney aati: 
_ end 
return(aa) 
end copy 


G.5.10 Recerd Types 


The definitions given in this section are schemas. Each definition is given in terms of 
the record type | _— | 
RT = recordiN,: T,,...N,:T,J 
where the N, are in increasing lexicographic order. 


get_N, = proc (r: RT) returns (T ? 
nobjit, ob j2*, env). let objl = 0b j2* to Obj 
obj8* = env.records(ob jl.val to Record) 
obj2 = Fetchobjs*, i) 
in 
<normal in Term; ob j2 in Obj*; . env> 


There is a get_N , operation for every N,,. 


set_N, = proc (r: RT, elt: T,) 
A(objl*, obj2*, env). let <objl; obj2> =. obj2* to Obj? 


ob j3* = env.records(record) 

ob j4*- = Stordob p*, i, ob j2) 

r_map = env sreeordilrecord | © objt*) 
in 


<normal in Term; nil in Obj*; intense @ records}> 


There is a set_N , operation for every N,. 


equal = proc (rl, r2: RT) returns (boo) - 
Eq_0bj | 
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similar = proc (lyr; RT) reternssRegh 
where T, has similar: proctyrs Tp Fp cetasas ‘yao, 


7 has similar: proctyeeisFyy Eyprowens kbood 
return(T ,$similar(r1.N,, r2N ) cand .. cand T,Ssimilartri.N,, 72.) 
end similar - PRI Sask 


“Similarl = proc (rl, r2: RT) returns (boo) 
where T, has equal: proctype<],, T, Feeteris (bode, 


. a » has equal: prectyns. Ton T,). returns (hood 
return(rl.N, =r2N, cand . . cand rN, =12.N,) 
end simitart 


copyl = proc (r: RT) returns (RT) | 
. return(RTS{N: rN, .. No: r.N}) 
end copyl 


copy = proc (r: RT) returns (RT) where T, has copy: preetyre (T ? returns (T )), 


2 aRe 


ae “ae a cope prostype (T,) returns (T,) . 
rr: RT := RTScopyltr) 
tr.N, c= TSeopyi-N, ) 


rr nN, = T opyte) oh ae riya cuties 
return(rr) 
end copy 


6 5 11 Oneof yee 


The definitions dain nm this section ‘are schemas. Bach definition is given in terms of 
the oneof type 7 
OT = oneofiN ;: oT: ov N, T Be as 

where the N, are in increasing lexicographic order. 
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make_N, = proc(T,) returns(OT) nes 
X(objI*; 0bj2*,, eny). At obj = obff* 40Obj >” - 
oneof «= evi a 
in 
snormal.in Terms. Lloneot in Vals OT3 tn Obj; env> 
"We have informally used OT s asa 2 d.sype. There is a anke Ny: Speration for 


every N,. 


_is_N, = proc (x: OT) returns (bool) 
tagcase x 
tag.N;: returnitrue) . 
others: return false) 
-end 
end is_N 1 


value_N, = proc (x: OT) returns (T ? stgnale * wrong ag) 
tagcase x. Ge Ayana 
tag N, (v: TY): return(v) 
others: signal ‘wrong_tag 
end 
end value_N, 


Fauat = proc (xl, x2: OT) returns (boob 
oe ‘where T, Seopa: provtypeiT;, T, ) returns {pood, 


= s T. has equal: proctype (T,, tT) returns (bood 
tagcase xl 
tag N, (v: T,): returnly - OT$value_N (x2) 


tag N, (v: T,): return(y = OT Svatue_N (x2) 

end 

except when wrong_tag: return(faine? and. 
end equal 
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similar = proc (x1, x2: OT) returns (boo! 
where ‘Fy has similar: Prpanyen ya (Ty Tp returns (boo), 


T, has ‘iniilar proctype (T T m) returns (boo) 


tagcase xl 
tag N (v: T): heroin  Sauhutts OTSvalieN, veal 


race a 


Ge N, Ay: T ): return'T iia, OTsvalueN, 2 
end 
except when wrong_tag: returnitaise) end 

end similar 


copy = proc (x: OT) returns (OT) where T, has copy: prodtype tT ,) returns (T,), 


T,, has copy: proctype (T,) returns (T,) 
tagcase x1 tee PS 
tagN, (i T)): debe Vane evo e oh tite LIN 


tag N,, (v: T,): return OT$make_N ie ta 
‘end 
end copy 


6.5.12 Procedure Types 


The definitions given in this section. are schesaas. Each lefinition is given in terms of 
a procedure type T. | | 


equal = proce (rl, r2: T) returns (boo? 
A(objl*, obj2*, env). let <obj); obj2> = obj2* ta. Ob,’ 
in 
Returt_beoltodi:val « ob j2 val, enw) 
We ignore the type descriptors because one or both descriptors can be routine. 


similar = proc (rl, r2:T) returns (boo) 
return(r] = 12) - 
end similar 


copy = proc (r: T) returns (T) 
return(r) 


end copy 
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6.5.13 Procedure Types 


The definitions given in this section are schemas. Each definition is given in terms of 


a procedure type T. 


_ equal = proc (rl, r2: T) returns (bool 
A(objl*, obj2*, env). let’ <objl; obj2> = obj2* to Obj’ 
in 
Return_bool(ob jl.val = obj2.val, env) 


We ignore the type descriptors because one or both descriptors can be routine. 


Similar = proc (rl, r2: T) returns (bool 
return(rl = r2) 
end similar 


copy = proc (r: T) returns (T) 
return(r) 
end copy © 


6.5.14 Routine 


We will informally use routine in CLU text below, even though one cannot reference 


the special type routine in this way. 


equal = proc (rl, r2: routine) returns (boo) 
Alobjl*, obj2*, env). let <objl; obj2> = obj2* to Obj? 
in 
Return_bool(ob jl.val = ob j2.val, env) . 
We ignore the type descriptors because one or both descriptors can be a procedure 


or iterator type. 
similar = proc (rl, r2: routine) returns (boo) 


return(rl = r2) 
end similar 
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copy = proc (r: routine) returns (routine) 
return(r) 
end copy 


Cl 
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7. Conclusions | 


The goal of this thesis was to develop a precise, formal definition of CLU, with the 
hope that such a definition would be a useful tool in other work. This hope has already 
been met in three ways. First, this research has provided.us with the opportunity to 
evaluate various features of CLU from a new viewpoint. Although our understanding of 
the meaning of CLU. programs has not really changed, we did ‘discover several places 
where our understanding of legality-checking was faulty or ‘incomplete, and changes were 
made to CLU as a result. Second, our definition is now being used to verify (informally) 
the correctness of the legality“checking phase ef the CLU compiler. Third, our definition 
provides a_ basis for -evaluating the usefulness of the definition method proposed by 
Schaffert(Schaffert78a). We discuss each of these points oe below, and then finish 


with some directions for future research. 
7.1 Meaning 


Our definition is. divided into two major parts, one defining what.constitutes a legal 
‘module and one defining the meaning of legal modules. If we: ignore the definition of the 
built-in abstractions then the meaning .part is. quite short, less than 12 pages of actual 
equations. This indicates that the. model of computation: CLU. presents to the user is simple, 
uniform, and hence easily understood. It also indicates that the definition method we have 
chosen is an apt one. Most of .the mechanisms used in the meaning part are direct 
“implementations” of the informal descriptions given in [Liskov78], particularly those for 
variables, parameters, and exception handling. For example, we have used explicit 
_termination conditions to propagate exceptions through intermediate computations, rather 


‘than introducing continuations to effect transfers of control. . 


However, our treatment of iterators is not completely satisfying. Although the way we 
have defined iterators is simple;: and appears to be the simplest possible given. the 
underlying theory, it is somewhat backwards from the usual view that an iterator actually 
yields items to the caller. Having the iterator return a continuation to the caller, as 


discussed in section 2.2.4, is perhaps a truer representation of this view, but defining 
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iterators in this way woukd involve changing the definitions of all fie ether éatements to 
create and use continuations. If some other construct of GLU forced us to use 
: continuations, we. might feel jess strongly. about avoiding ‘thelr use for iterators; we might 
‘even Usé tontinuations for exception handling. Tn the absence of such a construct, the use 


Bt 


of continuations ‘Nees Ips Complicated. 


In seinig a Meaning we have sansa ianiseaal wahoan. aa omission is | 
“input/output Primitives. We haye net defined. any. VQ primitives becawse: implementors 
are free. tp choose their own, although a standard: hes.bem proposed LLishov73).: However, 
I/O is. essentially, wivial tp, incorporate inte- ous definition, Agde from simply adding 
Gefinitions of the priraitive. types and routines, the only change se-our definition would be 
the addition of one or pre unique id domates: and; eee eae te: scien new 
primitive mutable ob jects (such as streams). 


The other omission is more subtle, and concerns failures in real systeres, dna-en agtual 
implementation it is permissible for the system to generate a failure exception at any time. 
For example, when attempting to multiplytwo real nuiniets, palecenis as 

failures"floating point hardware broken”) 
could be generated. We could. Sepresent. this-by making” Binvike: wondecerministically 
| choase between executing. normally and failing witha randomly chen ‘srinig, bet in reat - 


systems the choice is deterministic. Since the exact! polwts ae-eiich such ferlurey can’ oti . 


and the exact reasons for such failures are. osrkpletely! ee ‘we maive 
Sarosen simply. to omit such failures from aur detigucien: “= see . 


7.2 ‘Legality 


2 BMS 


In contrast to the concise definition of meaning, our definition of legality is rather 

in, of the .lnnge- amaunt: a6 . etrorshesking. Being 
performed; for the most part the definition is is very siraighsierwand.. Hevwever;: two aspects 
of CLU merit. comment. here:. interface. specifications and: parneyners.. 


long. This is primarily just an indigation, 
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Our legality-checking algorithm basically performs a single pass over the syntax tree, 
The only exception is that two passes are necessary to check module headings. Although 
clever schemes could be used to minimize the work performed on the second pass, there 
does not appear to be any good way to avoid the second pass. In particular, we know of no 
simple, sensible rule that avoids the problem without unduly. restricting ¢ the class of legal 
modules. Of course, an algorithm is not bad merely because it requires two passes, but it 
took a substantial effort to determine and understand the minimum ‘assumptions necessary 
to derive and check interface specif ications, and this leaves us with the Feeling « that Pernep? 


ta better could (and should) be done. 


On the sub ject. of parameters, we wish to point out by way of two examples that in 


some respects there is a very thin line between having a well-defined mechanism and an 


ill- def ined one. The first example deals with the permissible types of parameters. CLU is. 
now defined so that parameters can only be declared with the types type, null, bool, int, 


real, char, and string. However, at one point procedure and iterator types, and certain 
oneof types, were also allowed. These types were removed when we discovered that one 
could write “legal” generators that could never be instantiated, as in i 

- X& = cluster (tl: oneoffa: t2], 2: oneoffa: nN] is... 


(Finite oneof type specifications cannot be written for any actual parameters.) 


_ This problem could be “solved” by allowing such: generators (even though they could 
never be used), or by imposing rules to forbid cyclic dependencies in parameter 
declarations, but it appears that no computational power is lost by eliminating structured 
type specifi ications. Indeed, given the dynamic behavior of CLU ob jects, it is difficult to 
think of many uses for non-type parameters in general, much less procedures, iterators, and 
oneofs. For example, the type of an array does not include any information about the size 


of the array because an array can vary dynamically in size. 


Our second example deals with parameterized operations of clusters. Having decided 
that parameterized procedures and iterators were useful as individual modules, the 
designers felt that parameterized operations should also be allowed for completeness, 


though no real use for such operations is yet known. It then made sense to allow specific 
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instantiations of parameterized operations to be lined in where clause restticnians: 
Unfortunately, we discovered that this last step ‘ied to an infinite ‘recursion in our 
‘legality-checking algorithm: when pple to certain pathologic modules (Scheif ler. For 


‘example, the type XCXt@) in 
Xs cluster te: * type is f. . where t has {(X(X(0): prectype i 


f= oresed type) O; ... end f; 
end xX, 


is legal only i if XC i isa legal parameter to x, , which, is ‘rye only if Xt0 has an operation 
fCXCXCX(tII9], which is true a dk if XOXIXtON isa aa iors which leads to an infinite 


recursion. 


This problem could be solved by giving full spegifications for. each, parameterized 
operation. This ig the approach taken in Alpbard. [Wulf 78), though apparently for 
syntactic unifor rity rather than in, response to this problem.) For example, one cauid, state 
| where t has Op = proc Cu: typel | (u) requrne { (us) where y hag... 
instead of 


where t has oplint): proctype (ind returns (inv, 
opt reall: proctype (read returns (read 


Since this solution requires additional syntax. ‘for an extremely rare case, an additional 
legality rule was: forraulaied dnstead. AThe function Laspaens Sumas cheek ‘in our 
def inition.) re z 


7.3 | Compiler ) Verification 


With respect to legality-checking, no-distinction din be made between “denotational” 
definitions and “operatiortal” definitions; there ar€ orfly diffetiiees in’ the precise algorithm 
used. Our definition of legality-checking’ was done ‘with dorhpilet ‘verification in mind, 
“which is why a (basically) one pass. algorithm. was, chagen,.,. Although the actual 
implementation of. legality-checking. in the GLU campiler differs, {rom pur. definition in a. 
number of respects. (primarily, for efficiency reasons), the. exerallalgarithen is identical and 
equivalence. is fair ly easy to establish. 
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Second, Schaf fert uses a producer-consumer pair of Processes to defi ine the execution 
of an iterator and its invoking tor statement. “A Special object is used to represent the 
queue between the producer and the consumer; this ob ject is ‘suitably ‘detined so that the 
‘two processes are constrained to execute alternately rather than simultaneously. Although 
this definition is closer than ours to the informal. description’ o i iterators, we feel: it is more 
complex and harder to understand, Hawever, we should. note, that While our method of 
definition can also be done in Schaffert’s formalism, the opposite is not really true. This 
indicates hat Schaffert’s formatisny: shoul: be: eaperter te dénomational methods for 
defining parallel programming languages. di 


Third, the concept ‘of mutable ob ects is built into Schaffer’ formalism; an explicit : 
representation of the universal state is not present in the equations, but rather is implicit 
throughout, Although this could tend to simplify the equations, another factor offsets this 
benef it. Specifis ica ly, a list of active variables (the arguments | to the ‘computat tion) is passed 


atic: 


explicitly. f rom _computation to computation. In our ‘pinion passing ‘around the kind of 
: HED i 


execution en vironment we have def ined is no more complicated and no harder t to 0 deal with 


than ‘passing around a list of variables. 


In summary, the CLU definition. given: here appears: ste: bea: iittle beter ‘than the. 
‘def inition: given:by Sebaffert. Except iv the treataient ef verinistes and werators, however, 
the differences between the two definitions are not signif icant, and really. have: nothing to 
do with the Aeedertyine theories. Furthermore, Schaffert’s method appears to be much 


“pea jo arog uwi an 


better than current denotational techniques for defining Programming rag that deat ; 


Ma HEE 


with parallelism. 


7.5 Directions sia users: eee’ 


One of the most important tasks. left jin): sida iale cacao Janguages is. the 
develapment of a clean, usable, axiomatic definition:manted. An axiomaticmethod should 
ot be extremely difficuke to devise, but no such..methad, ssams, ta exiat.. However, a 
proposed method will be given in (Schaf fert?8b) with which a straightforward axioraatic 
definition of CLU should be possible. 


157 


Our def inition of Meaning, on the other hand, was designed to be as simple as 
possible, with, the result that it is not particularly well-suited asan implementation Standard. 
4 Our view here is that our definition is well-suited to be the standard definition of CLU, 


Prat 


correct, other, f' banal def initions should be ¢ constructed, 
7. 4 Comparison to Schaffert’s Work 


There are major differences: between our definition and the one done by Schaffert 
(Schaffert78aJ, but for the most part they are differences in: aigorithm design, and have 
nothing to do with which underlying theory was used. Schaffert's legality-checking 
algorithm is multi-pass, and simply assumes the existence of legal interface specifi ications in 
i the library rather ‘than incorporating an inital pass to derive and install ‘them. 
| . Transformations of the parse tree are separated out as much as possible f rom ‘the actual 


legality checks. Further, CLU has ‘changed somewhat since ‘the time his definition was 
made: the exit and continue statements were added, as 5 was the f type real; the rule 
mentioned “above concerning infinite recursion was adopted; and a mechanism ‘for 
renaming exceptions was removed. These and other. differences result in Schaffert’s 
def inition. being a tittle shorter than ours, but in, practice his definition of ‘tegality: seems 
slightly harder to uaderstand, primarily due to the separation of. the transformations from 


_ the legality checks. cre 


. The two "definitions of meaning are the same in many respects, particularly in the 
treatment of parameters and exception handling, but there are three important dif ferences. 
First, Schaffert is constrained by his formalism to treat variables as ob jects of an abstract 
type, whereas we are free to treat them simply: as. names for. gb jects... Although treating 
variables as objects gives a uniformity and simplicity to the underlying semantics, it is 
counter to way CLU variables are normally explained {Liskov78): It may be that treating 
variables as’ objects yiekis a simpler axiomatic deseription, but proving equivalence to an 
axiomatic definition would not appear to be 7 harder with our definition than with 
Schaffert's. . ra 
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In addition, a better understanding of how to define general control structures is 
needed. Neither Schaffert’s definition of iterators nor ours is wholly satisfactory. Perhaps 
future work in defining parallel programming language constructs will lead to some 


answers. 
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"We use an, extended BNF grasmar: hl aap _ caneen between the ‘abetract 
syntax and text strings. The generalform of a pi 


nonterminal sx alternative 
- of >. alternative 


_ [> alternative 


: The on extensions, are orn = 

 atanids for fafa, apa, ey ap 
gy stands for (cla iahasby - 
fa] unite Glo Wt niall 


All semicolons are epsienal.in GILU, but foe simplicity shap:appear below without 
enclosing meta-brackets. -Noviterntinal spmboli appeat iA noreail’face. Reserved words 
Appear in. bald. ane All, other tecminal ee appear in nosmal. 


face. 


In, defining the Syntax, of expressigns, we, ices indicate. she precedence of the 
various operators with comments rather than explicitly —! precedence into the 
productions. ‘Higher prece ence Operations ate, eat noe “flags At binary operators are 
left associative except #4, which is “ associative. 


full _module : re + {gate} mae Pee 


inodule ots procedure, 
iterator 
_ | chester 


procedure us idn - = proc [ perm Jarge| wore] vem where J 
end ide ; 


iterator zs idn = iter [ parms ] args [ yields | [ signals ][ where ] ee 


body 
end idn ; 
cluster n= idn = cluster [ parms ] is idn,... [ where ] . 
cluster_body | 
end idn ; 
parms er (-decl peed 
args se ( [ deci, ... p 
decl zs idn,... : type_spec 
returns = returns ( type_spec rece) 
yields | zz yields ( type_spec rece) 
signals = signals ( cond_spec,... ) 


ee cond_spec us name [ ( type_spec , ... | | 


where ‘where restriction , ... 


‘restriction ::= idn has oper_decl pees 
| idn in type_set 


typeset oo: € idn | idn has oper_dec! vines :{ equate } }. 
| idn : ala 


oper_decl z= oper_name ,... : type_spec 


oper_name = name [ C constant ,... J ] 


constant ‘= expression 
| type_spec 
3 { equate sg statement } 


body 
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cluster_body :: 


equate { equate : 


routine { routine } 


routine i= procedure 
| iterator 


equate = idn = constant ; 
| idn = type_set ; 


rep = type_spec ; 


type_spec null 
bool 
int 
real 
char 
string 


any 


| 

| 

| 

| 

| 

| 

| rep 
| vt 

| type 

| array [ type_spec J 

| record [ field_spec,... J 

| oneofl field_spec,... ] 

| proctype ( [ type_spec ,... ] ) [ returns ] [ signals ] 
| itertype ( [ type_spec, ... ] ) [ yields ] [ Signals ] 

| idn C constant ,... J 


| idn 


field_spec us name,... : type_spec 


Statement 


D cmenediikenenendtiieen sendin ie 


eee eee eee — —— — <= 
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decl; 

idn : type_spec := expression ; 
decl ,... := invocation ;. 

idn , ... := invocation ; 


idn, ... := expression , ... 3 
invocation ; 


primary . name := expression ; 
_ primary ( expression ) := expression ; . 
if expression then body 


{ elseif expression then body } 


[ else body ] 
end; . 
while expression do body end ; 


return f ( expression yee) ] i 
yiela [ ( expression , ... } ] ; 
signal name [ ( expression , ... yj : 
exit name [ ( expression , ... ) I: 
break ; 

continue : 


begin bady end ; 
tagcase.expression 


tag_arm ¢ tag_arm }. 


[ others: body ] 
end; 


for [ deci, ... ] in invocation do body end; 
for [ idn, ... ] in invocation de body end ; 
statement except { when_arm } 


[ others_arm ] 
end; 
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tag_arm 


when_arm 


others_arm 


expression 


tag name ; a [ (idn: type_spec ) ] : body 


when name, ... [ ( decl,... )] : body 


when name , ... (#) : body 


others [ (idn : type_spec ) ] : body 


primary 

( expression ) 

~ expression %6 — (precedence) 
- expression %6 

expression #* expression * 5 
expression // expression x 4 
expression / expression % 4 

_ expression * expression % 4: 
expression Il expression % 

expression + expression % 

expression - expression % 

expression < expression % 2 
expression <= expression % 2 
expression = expression % 2 
expression >= expression % 2 
expression > expression % 2 
expression ~< expression % 2 
expression ~<= expression % 2 
expression ~= expression % 2 
expression ~>= expression % 2 
expression ~> expression % 2 
expression & expression % 1 
expression cand expression % i 
expression | expression % 0 
expression cor expression % 0. 


"primary 
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nit 

true 

faise 

int_literal 

real_titeral 
char literal 

string_literal 


type_spec $ name [ { constant, ... J ] 


idn 

invocation 

type_spec $ { field ,... } 

type_spec $ ( [ expression : ] [ expression , ... ] ) 
torce [ type_spec 

up ( expression ) 

down ( expression ) 

primary . name 

primary ( expression ] 


| 
| 
| 
| 
| 
| 
| 
| idn{ constant,... J 
| 
| 
| 
| 
| 
| 
| 
| 
| 


invocation i: primary ( [ expression , ... p 


field: oe name, Fe EON 


Reserved word: one of the identifi iers appearing in bold face in the syntax. Upper and 


lower case letters are not distinguished in reserved words. 


Name, idn: a sequence of letters, digits, and underscores that begins with a letter or 
underscore, and that is not a reserved word. Upper and lower case letters are not 
distinguished in names.and idns. 

- Intliteral: a sequence of one or more decimal digits. 


Real_literal: a mantissa with an (optional) exponent. A mantissa is either a sequence of 
one or more decimal digits, or two sequences (one of which may be empty) joined by a 


_ period. The mantissa must contain at least one digit. An exponent is 'E’ or ‘e’, optionally 


a | 


followed by ‘+’ or '~’, followed by one or more decimal digits. An exponent is required if 
the mantissa does not contain a period. Real literals are parsed to gorau exact 
values. eee 

facie tes 


Char_literal: either a “printing” ASCII character (octal 40: daeu:ostal 176) other than 
single quote or backslash, enclosed in single quotes, or one of seehs eicape sequences. 


Ps: a 
enclosed iri single quotes: 


escape sequence charager po tucine? T  aesed fae oer: 

MG. "(single quote) 

\" " (double quote) es 

\\ \ (backslash) 0. FR V Eo 

\n ; NL (newline) _ tet ) BoB u2 ae 

Nt a eee e ae a 

\p ee tnewpage ee a - 

\b . htc TMM LUSUNT 2 Bo" 

\r _ CR (carriage return) | 

\v VT (vertical tab) PRE ERS ay eae 

\tee specified by octal vaiue (+ is wieceal digit: : 
The escape sequences may be written using upper Giié‘leiers. TRE ASCII characters in 
their usual order correspond to octal values QFROURR AT cn | Phatanin: gt nr auirEn 


String_literal: a sequence of zero or more charagger, aneeentitaiesinnieet in double | 


quetes A character representation. is either a printing ASCII character, other than double 
* Th “ees agSh ead A te arto ek 
quote or backslash, or one of the excape ‘sequerices listed above. 


eew PSY IeEst TH beriznsgarrd jor are io 


Comment a sequence: of characters that begins with a percent te ends with a _ngwline 
pepGid) DB 2G tb ane te sore 
character, and contains only ‘printing” Mage characters and horizontal tabs in between. 


eo hae tage IW DAV IROL AIM ae i6dd esa eys2 
Separator: a “blank” character. a vertical - jdt eenato ab; carriage’ yeturn, 
newline, form feed) or a comment. Zero or more sepa 4 peel between any two 
SHES iMAIEL TTR rat app . soehill dice Y 
tokens, except that at least cone Separator is required | between any two ad jacent 


non-selfotarminating puree pealiiiarrd identifiers, tabeger een? ‘eal Were. 


SARS OFT? GW tg atisib PRET OS ss gehas 


Domain Index 

Env 20 | Restriction St Oper - 36 
Imp_map = 12. Type_set 31 D_type 36 
Imp 112 ‘Operdectt Si D_record 36 
Op 112 - Oper_name $1 ' D.oneof 96 
Type 2 Routine «82 2 D.comp 36 
~ Vimap 112 Constant = $2 D_proc. 36 
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